diff --git a/lightning/src/chain/channelmonitor.rs b/lightning/src/chain/channelmonitor.rs index 4bb08724c17..500f2b521dd 100644 --- a/lightning/src/chain/channelmonitor.rs +++ b/lightning/src/chain/channelmonitor.rs @@ -22,6 +22,7 @@ use bitcoin::blockdata::block::BlockHeader; use bitcoin::blockdata::transaction::{TxOut,Transaction}; +use bitcoin::blockdata::transaction::OutPoint as BitcoinOutPoint; use bitcoin::blockdata::script::{Script, Builder}; use bitcoin::blockdata::opcodes; @@ -54,6 +55,7 @@ use util::events::Event; use prelude::*; use core::{cmp, mem}; use io::{self, Error}; +use core::convert::TryInto; use core::ops::Deref; use sync::Mutex; @@ -315,6 +317,7 @@ struct OnchainEventEntry { txid: Txid, height: u32, event: OnchainEvent, + transaction: Option, // Added as optional, but always filled in, in LDK 0.0.110 } impl OnchainEventEntry { @@ -344,6 +347,11 @@ impl OnchainEventEntry { } } +/// The (output index, sats value) for the counterparty's output in a commitment transaction. +/// +/// This was added as an `Option` in 0.0.110. +type CommitmentTxCounterpartyOutputInfo = Option<(u32, u64)>; + /// Upon discovering of some classes of onchain tx by ChannelMonitor, we may have to take actions on it /// once they mature to enough confirmations (ANTI_REORG_DELAY) #[derive(PartialEq)] @@ -362,6 +370,8 @@ enum OnchainEvent { /// transaction which appeared on chain. commitment_tx_output_idx: Option, }, + /// An output waiting on [`ANTI_REORG_DELAY`] confirmations before we hand the user the + /// [`SpendableOutputDescriptor`]. MaturingOutput { descriptor: SpendableOutputDescriptor, }, @@ -371,6 +381,12 @@ enum OnchainEvent { /// The CSV delay for the output of the funding spend transaction (implying it is a local /// commitment transaction, and this is the delay on the to_self output). on_local_output_csv: Option, + /// If the funding spend transaction was a known remote commitment transaction, we track + /// the output index and amount of the counterparty's `to_self` output here. + /// + /// This allows us to generate a [`Balance::CounterpartyRevokedOutputClaimable`] for the + /// counterparty output. + commitment_tx_to_counterparty_output: CommitmentTxCounterpartyOutputInfo, }, /// A spend of a commitment transaction HTLC output, set in the cases where *no* `HTLCUpdate` /// is constructed. This is used when @@ -380,6 +396,9 @@ enum OnchainEvent { /// * an inbound HTLC is claimed by us (with a preimage). /// * a revoked-state HTLC transaction was broadcasted, which was claimed by the revocation /// signature. + /// * a revoked-state HTLC transaction was broadcasted, which was claimed by an + /// HTLC-Success/HTLC-Failure transaction (and is still claimable with a revocation + /// signature). HTLCSpendConfirmation { commitment_tx_output_idx: u32, /// If the claim was made by either party with a preimage, this is filled in @@ -395,6 +414,7 @@ impl Writeable for OnchainEventEntry { fn write(&self, writer: &mut W) -> Result<(), io::Error> { write_tlv_fields!(writer, { (0, self.txid, required), + (1, self.transaction, option), (2, self.height, required), (4, self.event, required), }); @@ -405,15 +425,17 @@ impl Writeable for OnchainEventEntry { impl MaybeReadable for OnchainEventEntry { fn read(reader: &mut R) -> Result, DecodeError> { let mut txid = Txid::all_zeros(); + let mut transaction = None; let mut height = 0; let mut event = None; read_tlv_fields!(reader, { (0, txid, required), + (1, transaction, option), (2, height, required), (4, event, ignorable), }); if let Some(ev) = event { - Ok(Some(Self { txid, height, event: ev })) + Ok(Some(Self { txid, transaction, height, event: ev })) } else { Ok(None) } @@ -432,6 +454,7 @@ impl_writeable_tlv_based_enum_upgradable!(OnchainEvent, }, (3, FundingSpendConfirmation) => { (0, on_local_output_csv, option), + (1, commitment_tx_to_counterparty_output, option), }, (5, HTLCSpendConfirmation) => { (0, commitment_tx_output_idx, required), @@ -563,18 +586,35 @@ pub enum Balance { /// done so. claimable_height: u32, }, + /// The channel has been closed, and our counterparty broadcasted a revoked commitment + /// transaction. + /// + /// Thus, we're able to claim all outputs in the commitment transaction, one of which has the + /// following amount. + CounterpartyRevokedOutputClaimable { + /// The amount, in satoshis, of the output which we can claim. + /// + /// Note that for outputs from HTLC balances this may be excluding some on-chain fees that + /// were already spent. + claimable_amount_satoshis: u64, + }, } /// An HTLC which has been irrevocably resolved on-chain, and has reached ANTI_REORG_DELAY. #[derive(PartialEq)] struct IrrevocablyResolvedHTLC { commitment_tx_output_idx: u32, + /// The txid of the transaction which resolved the HTLC, this may be a commitment (if the HTLC + /// was not present in the confirmed commitment transaction), HTLC-Success, or HTLC-Timeout + /// transaction. + resolving_txid: Option, // Added as optional, but always filled in, in 0.0.110 /// Only set if the HTLC claim was ours using a payment preimage payment_preimage: Option, } impl_writeable_tlv_based!(IrrevocablyResolvedHTLC, { (0, commitment_tx_output_idx, required), + (1, resolving_txid, option), (2, payment_preimage, option), }); @@ -710,6 +750,7 @@ pub(crate) struct ChannelMonitorImpl { funding_spend_seen: bool, funding_spend_confirmed: Option, + confirmed_commitment_tx_counterparty_output: CommitmentTxCounterpartyOutputInfo, /// The set of HTLCs which have been either claimed or failed on chain and have reached /// the requisite confirmations on the claim/fail transaction (either ANTI_REORG_DELAY or the /// spending CSV for revocable outputs). @@ -779,6 +820,7 @@ impl PartialEq for ChannelMonitorImpl { self.holder_tx_signed != other.holder_tx_signed || self.funding_spend_seen != other.funding_spend_seen || self.funding_spend_confirmed != other.funding_spend_confirmed || + self.confirmed_commitment_tx_counterparty_output != other.confirmed_commitment_tx_counterparty_output || self.htlcs_resolved_on_chain != other.htlcs_resolved_on_chain { false @@ -958,6 +1000,7 @@ impl Writeable for ChannelMonitorImpl { (5, self.pending_monitor_events, vec_type), (7, self.funding_spend_seen, required), (9, self.counterparty_node_id, option), + (11, self.confirmed_commitment_tx_counterparty_output, option), }); Ok(()) @@ -1064,6 +1107,7 @@ impl ChannelMonitor { holder_tx_signed: false, funding_spend_seen: false, funding_spend_confirmed: None, + confirmed_commitment_tx_counterparty_output: None, htlcs_resolved_on_chain: Vec::new(), best_block, @@ -1383,7 +1427,150 @@ impl ChannelMonitor { pub fn current_best_block(&self) -> BestBlock { self.inner.lock().unwrap().best_block.clone() } +} + +impl ChannelMonitorImpl { + /// Helper for get_claimable_balances which does the work for an individual HTLC, generating up + /// to one `Balance` for the HTLC. + fn get_htlc_balance(&self, htlc: &HTLCOutputInCommitment, holder_commitment: bool, + counterparty_revoked_commitment: bool, confirmed_txid: Option) + -> Option { + let htlc_commitment_tx_output_idx = + if let Some(v) = htlc.transaction_output_index { v } else { return None; }; + + let mut htlc_spend_txid_opt = None; + let mut holder_timeout_spend_pending = None; + let mut htlc_spend_pending = None; + let mut holder_delayed_output_pending = None; + for event in self.onchain_events_awaiting_threshold_conf.iter() { + match event.event { + OnchainEvent::HTLCUpdate { commitment_tx_output_idx, htlc_value_satoshis, .. } + if commitment_tx_output_idx == Some(htlc_commitment_tx_output_idx) => { + debug_assert!(htlc_spend_txid_opt.is_none()); + htlc_spend_txid_opt = event.transaction.as_ref().map(|tx| tx.txid()); + debug_assert!(holder_timeout_spend_pending.is_none()); + debug_assert_eq!(htlc_value_satoshis.unwrap(), htlc.amount_msat / 1000); + holder_timeout_spend_pending = Some(event.confirmation_threshold()); + }, + OnchainEvent::HTLCSpendConfirmation { commitment_tx_output_idx, preimage, .. } + if commitment_tx_output_idx == htlc_commitment_tx_output_idx => { + debug_assert!(htlc_spend_txid_opt.is_none()); + htlc_spend_txid_opt = event.transaction.as_ref().map(|tx| tx.txid()); + debug_assert!(htlc_spend_pending.is_none()); + htlc_spend_pending = Some((event.confirmation_threshold(), preimage.is_some())); + }, + OnchainEvent::MaturingOutput { + descriptor: SpendableOutputDescriptor::DelayedPaymentOutput(ref descriptor) } + if descriptor.outpoint.index as u32 == htlc_commitment_tx_output_idx => { + debug_assert!(holder_delayed_output_pending.is_none()); + holder_delayed_output_pending = Some(event.confirmation_threshold()); + }, + _ => {}, + } + } + let htlc_resolved = self.htlcs_resolved_on_chain.iter() + .find(|v| if v.commitment_tx_output_idx == htlc_commitment_tx_output_idx { + debug_assert!(htlc_spend_txid_opt.is_none()); + htlc_spend_txid_opt = v.resolving_txid; + true + } else { false }); + debug_assert!(holder_timeout_spend_pending.is_some() as u8 + htlc_spend_pending.is_some() as u8 + htlc_resolved.is_some() as u8 <= 1); + + let htlc_output_to_spend = + if let Some(txid) = htlc_spend_txid_opt { + debug_assert!( + self.onchain_tx_handler.channel_transaction_parameters.opt_anchors.is_none(), + "This code needs updating for anchors"); + BitcoinOutPoint::new(txid, 0) + } else { + BitcoinOutPoint::new(confirmed_txid.unwrap(), htlc_commitment_tx_output_idx) + }; + let htlc_output_spend_pending = self.onchain_tx_handler.is_output_spend_pending(&htlc_output_to_spend); + + if let Some(conf_thresh) = holder_delayed_output_pending { + debug_assert!(holder_commitment); + return Some(Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: htlc.amount_msat / 1000, + confirmation_height: conf_thresh, + }); + } else if htlc_resolved.is_some() && !htlc_output_spend_pending { + // Funding transaction spends should be fully confirmed by the time any + // HTLC transactions are resolved, unless we're talking about a holder + // commitment tx, whose resolution is delayed until the CSV timeout is + // reached, even though HTLCs may be resolved after only + // ANTI_REORG_DELAY confirmations. + debug_assert!(holder_commitment || self.funding_spend_confirmed.is_some()); + } else if counterparty_revoked_commitment { + let htlc_output_claim_pending = self.onchain_events_awaiting_threshold_conf.iter().find_map(|event| { + if let OnchainEvent::MaturingOutput { + descriptor: SpendableOutputDescriptor::StaticOutput { .. } + } = &event.event { + if event.transaction.as_ref().map(|tx| tx.input.iter().any(|inp| { + if let Some(htlc_spend_txid) = htlc_spend_txid_opt { + Some(tx.txid()) == htlc_spend_txid_opt || + inp.previous_output.txid == htlc_spend_txid + } else { + Some(inp.previous_output.txid) == confirmed_txid && + inp.previous_output.vout == htlc_commitment_tx_output_idx + } + })).unwrap_or(false) { + Some(()) + } else { None } + } else { None } + }); + if htlc_output_claim_pending.is_some() { + // We already push `Balance`s onto the `res` list for every + // `StaticOutput` in a `MaturingOutput` in the revoked + // counterparty commitment transaction case generally, so don't + // need to do so again here. + } else { + debug_assert!(holder_timeout_spend_pending.is_none(), + "HTLCUpdate OnchainEvents should never appear for preimage claims"); + debug_assert!(!htlc.offered || htlc_spend_pending.is_none() || !htlc_spend_pending.unwrap().1, + "We don't (currently) generate preimage claims against revoked outputs, where did you get one?!"); + return Some(Balance::CounterpartyRevokedOutputClaimable { + claimable_amount_satoshis: htlc.amount_msat / 1000, + }); + } + } else if htlc.offered == holder_commitment { + // If the payment was outbound, check if there's an HTLCUpdate + // indicating we have spent this HTLC with a timeout, claiming it back + // and awaiting confirmations on it. + if let Some(conf_thresh) = holder_timeout_spend_pending { + return Some(Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: htlc.amount_msat / 1000, + confirmation_height: conf_thresh, + }); + } else { + return Some(Balance::MaybeClaimableHTLCAwaitingTimeout { + claimable_amount_satoshis: htlc.amount_msat / 1000, + claimable_height: htlc.cltv_expiry, + }); + } + } else if self.payment_preimages.get(&htlc.payment_hash).is_some() { + // Otherwise (the payment was inbound), only expose it as claimable if + // we know the preimage. + // Note that if there is a pending claim, but it did not use the + // preimage, we lost funds to our counterparty! We will then continue + // to show it as ContentiousClaimable until ANTI_REORG_DELAY. + debug_assert!(holder_timeout_spend_pending.is_none()); + if let Some((conf_thresh, true)) = htlc_spend_pending { + return Some(Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: htlc.amount_msat / 1000, + confirmation_height: conf_thresh, + }); + } else { + return Some(Balance::ContentiousClaimable { + claimable_amount_satoshis: htlc.amount_msat / 1000, + timeout_height: htlc.cltv_expiry, + }); + } + } + None + } +} +impl ChannelMonitor { /// Gets the balances in this channel which are either claimable by us if we were to /// force-close the channel now or which are claimable on-chain (possibly awaiting /// confirmation). @@ -1393,9 +1580,9 @@ impl ChannelMonitor { /// balance, or until our counterparty has claimed the balance and accrued several /// confirmations on the claim transaction. /// - /// Note that the balances available when you or your counterparty have broadcasted revoked - /// state(s) may not be fully captured here. - // TODO, fix that ^ + /// Note that for `ChannelMonitors` which track a channel which went on-chain with versions of + /// LDK prior to 0.0.108, balances may not be fully captured if our counterparty broadcasted + /// a revoked state. /// /// See [`Balance`] for additional details on the types of claimable balances which /// may be returned here and their meanings. @@ -1404,9 +1591,13 @@ impl ChannelMonitor { let us = self.inner.lock().unwrap(); let mut confirmed_txid = us.funding_spend_confirmed; + let mut confirmed_counterparty_output = us.confirmed_commitment_tx_counterparty_output; let mut pending_commitment_tx_conf_thresh = None; let funding_spend_pending = us.onchain_events_awaiting_threshold_conf.iter().find_map(|event| { - if let OnchainEvent::FundingSpendConfirmation { .. } = event.event { + if let OnchainEvent::FundingSpendConfirmation { commitment_tx_to_counterparty_output, .. } = + event.event + { + confirmed_counterparty_output = commitment_tx_to_counterparty_output; Some((event.txid, event.confirmation_threshold())) } else { None } }); @@ -1418,71 +1609,12 @@ impl ChannelMonitor { } macro_rules! walk_htlcs { - ($holder_commitment: expr, $htlc_iter: expr) => { + ($holder_commitment: expr, $counterparty_revoked_commitment: expr, $htlc_iter: expr) => { for htlc in $htlc_iter { - if let Some(htlc_commitment_tx_output_idx) = htlc.transaction_output_index { - if let Some(conf_thresh) = us.onchain_events_awaiting_threshold_conf.iter().find_map(|event| { - if let OnchainEvent::MaturingOutput { descriptor: SpendableOutputDescriptor::DelayedPaymentOutput(descriptor) } = &event.event { - if descriptor.outpoint.index as u32 == htlc_commitment_tx_output_idx { Some(event.confirmation_threshold()) } else { None } - } else { None } - }) { - debug_assert!($holder_commitment); - res.push(Balance::ClaimableAwaitingConfirmations { - claimable_amount_satoshis: htlc.amount_msat / 1000, - confirmation_height: conf_thresh, - }); - } else if us.htlcs_resolved_on_chain.iter().any(|v| v.commitment_tx_output_idx == htlc_commitment_tx_output_idx) { - // Funding transaction spends should be fully confirmed by the time any - // HTLC transactions are resolved, unless we're talking about a holder - // commitment tx, whose resolution is delayed until the CSV timeout is - // reached, even though HTLCs may be resolved after only - // ANTI_REORG_DELAY confirmations. - debug_assert!($holder_commitment || us.funding_spend_confirmed.is_some()); - } else if htlc.offered == $holder_commitment { - // If the payment was outbound, check if there's an HTLCUpdate - // indicating we have spent this HTLC with a timeout, claiming it back - // and awaiting confirmations on it. - let htlc_update_pending = us.onchain_events_awaiting_threshold_conf.iter().find_map(|event| { - if let OnchainEvent::HTLCUpdate { commitment_tx_output_idx: Some(commitment_tx_output_idx), .. } = event.event { - if commitment_tx_output_idx == htlc_commitment_tx_output_idx { - Some(event.confirmation_threshold()) } else { None } - } else { None } - }); - if let Some(conf_thresh) = htlc_update_pending { - res.push(Balance::ClaimableAwaitingConfirmations { - claimable_amount_satoshis: htlc.amount_msat / 1000, - confirmation_height: conf_thresh, - }); - } else { - res.push(Balance::MaybeClaimableHTLCAwaitingTimeout { - claimable_amount_satoshis: htlc.amount_msat / 1000, - claimable_height: htlc.cltv_expiry, - }); - } - } else if us.payment_preimages.get(&htlc.payment_hash).is_some() { - // Otherwise (the payment was inbound), only expose it as claimable if - // we know the preimage. - // Note that if there is a pending claim, but it did not use the - // preimage, we lost funds to our counterparty! We will then continue - // to show it as ContentiousClaimable until ANTI_REORG_DELAY. - let htlc_spend_pending = us.onchain_events_awaiting_threshold_conf.iter().find_map(|event| { - if let OnchainEvent::HTLCSpendConfirmation { commitment_tx_output_idx, preimage, .. } = event.event { - if commitment_tx_output_idx == htlc_commitment_tx_output_idx { - Some((event.confirmation_threshold(), preimage.is_some())) - } else { None } - } else { None } - }); - if let Some((conf_thresh, true)) = htlc_spend_pending { - res.push(Balance::ClaimableAwaitingConfirmations { - claimable_amount_satoshis: htlc.amount_msat / 1000, - confirmation_height: conf_thresh, - }); - } else { - res.push(Balance::ContentiousClaimable { - claimable_amount_satoshis: htlc.amount_msat / 1000, - timeout_height: htlc.cltv_expiry, - }); - } + if htlc.transaction_output_index.is_some() { + + if let Some(bal) = us.get_htlc_balance(htlc, $holder_commitment, $counterparty_revoked_commitment, confirmed_txid) { + res.push(bal); } } } @@ -1491,8 +1623,8 @@ impl ChannelMonitor { if let Some(txid) = confirmed_txid { let mut found_commitment_tx = false; - if Some(txid) == us.current_counterparty_commitment_txid || Some(txid) == us.prev_counterparty_commitment_txid { - walk_htlcs!(false, us.counterparty_claimable_outpoints.get(&txid).unwrap().iter().map(|(a, _)| a)); + if let Some(counterparty_tx_htlcs) = us.counterparty_claimable_outpoints.get(&txid) { + // First look for the to_remote output back to us. if let Some(conf_thresh) = pending_commitment_tx_conf_thresh { if let Some(value) = us.onchain_events_awaiting_threshold_conf.iter().find_map(|event| { if let OnchainEvent::MaturingOutput { @@ -1511,9 +1643,50 @@ impl ChannelMonitor { // confirmation with the same height or have never met our dust amount. } } + if Some(txid) == us.current_counterparty_commitment_txid || Some(txid) == us.prev_counterparty_commitment_txid { + walk_htlcs!(false, false, counterparty_tx_htlcs.iter().map(|(a, _)| a)); + } else { + walk_htlcs!(false, true, counterparty_tx_htlcs.iter().map(|(a, _)| a)); + // The counterparty broadcasted a revoked state! + // Look for any StaticOutputs first, generating claimable balances for those. + // If any match the confirmed counterparty revoked to_self output, skip + // generating a CounterpartyRevokedOutputClaimable. + let mut spent_counterparty_output = false; + for event in us.onchain_events_awaiting_threshold_conf.iter() { + if let OnchainEvent::MaturingOutput { + descriptor: SpendableOutputDescriptor::StaticOutput { output, .. } + } = &event.event { + res.push(Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: output.value, + confirmation_height: event.confirmation_threshold(), + }); + if let Some(confirmed_to_self_idx) = confirmed_counterparty_output.map(|(idx, _)| idx) { + if event.transaction.as_ref().map(|tx| + tx.input.iter().any(|inp| inp.previous_output.vout == confirmed_to_self_idx) + ).unwrap_or(false) { + spent_counterparty_output = true; + } + } + } + } + + if spent_counterparty_output { + } else if let Some((confirmed_to_self_idx, amt)) = confirmed_counterparty_output { + let output_spendable = us.onchain_tx_handler + .is_output_spend_pending(&BitcoinOutPoint::new(txid, confirmed_to_self_idx)); + if output_spendable { + res.push(Balance::CounterpartyRevokedOutputClaimable { + claimable_amount_satoshis: amt, + }); + } + } else { + // Counterparty output is missing, either it was broadcasted on a + // previous version of LDK or the counterparty hadn't met dust. + } + } found_commitment_tx = true; } else if txid == us.current_holder_commitment_tx.txid { - walk_htlcs!(true, us.current_holder_commitment_tx.htlc_outputs.iter().map(|(a, _, _)| a)); + walk_htlcs!(true, false, us.current_holder_commitment_tx.htlc_outputs.iter().map(|(a, _, _)| a)); if let Some(conf_thresh) = pending_commitment_tx_conf_thresh { res.push(Balance::ClaimableAwaitingConfirmations { claimable_amount_satoshis: us.current_holder_commitment_tx.to_self_value_sat, @@ -1523,7 +1696,7 @@ impl ChannelMonitor { found_commitment_tx = true; } else if let Some(prev_commitment) = &us.prev_holder_signed_commitment_tx { if txid == prev_commitment.txid { - walk_htlcs!(true, prev_commitment.htlc_outputs.iter().map(|(a, _, _)| a)); + walk_htlcs!(true, false, prev_commitment.htlc_outputs.iter().map(|(a, _, _)| a)); if let Some(conf_thresh) = pending_commitment_tx_conf_thresh { res.push(Balance::ClaimableAwaitingConfirmations { claimable_amount_satoshis: prev_commitment.to_self_value_sat, @@ -1544,8 +1717,6 @@ impl ChannelMonitor { }); } } - // TODO: Add logic to provide claimable balances for counterparty broadcasting revoked - // outputs. } else { let mut claimable_inbound_htlc_value_sat = 0; for (htlc, _, _) in us.current_holder_commitment_tx.htlc_outputs.iter() { @@ -1683,8 +1854,10 @@ impl ChannelMonitor { /// as long as we examine both the current counterparty commitment transaction and, if it hasn't /// been revoked yet, the previous one, we we will never "forget" to resolve an HTLC. macro_rules! fail_unbroadcast_htlcs { - ($self: expr, $commitment_tx_type: expr, $commitment_txid_confirmed: expr, + ($self: expr, $commitment_tx_type: expr, $commitment_txid_confirmed: expr, $commitment_tx_confirmed: expr, $commitment_tx_conf_height: expr, $confirmed_htlcs_list: expr, $logger: expr) => { { + debug_assert_eq!($commitment_tx_confirmed.txid(), $commitment_txid_confirmed); + macro_rules! check_htlc_fails { ($txid: expr, $commitment_tx: expr) => { if let Some(ref latest_outpoints) = $self.counterparty_claimable_outpoints.get($txid) { @@ -1724,6 +1897,7 @@ macro_rules! fail_unbroadcast_htlcs { }); let entry = OnchainEventEntry { txid: $commitment_txid_confirmed, + transaction: Some($commitment_tx_confirmed.clone()), height: $commitment_tx_conf_height, event: OnchainEvent::HTLCUpdate { source: (**source).clone(), @@ -1911,7 +2085,7 @@ impl ChannelMonitorImpl { // First check if a counterparty commitment transaction has been broadcasted: macro_rules! claim_htlcs { ($commitment_number: expr, $txid: expr) => { - let htlc_claim_reqs = self.get_counterparty_htlc_output_claim_reqs($commitment_number, $txid, None); + let (htlc_claim_reqs, _) = self.get_counterparty_output_claim_info($commitment_number, $txid, None); self.onchain_tx_handler.update_claims_view(&Vec::new(), htlc_claim_reqs, self.best_block.height(), self.best_block.height(), broadcaster, fee_estimator, logger); } } @@ -2090,13 +2264,18 @@ impl ChannelMonitorImpl { /// data in counterparty_claimable_outpoints. Will directly claim any HTLC outputs which expire at a /// height > height + CLTV_SHARED_CLAIM_BUFFER. In any case, will install monitoring for /// HTLC-Success/HTLC-Timeout transactions. - /// Return updates for HTLC pending in the channel and failed automatically by the broadcast of - /// revoked counterparty commitment tx - fn check_spend_counterparty_transaction(&mut self, tx: &Transaction, height: u32, logger: &L) -> (Vec, TransactionOutputs) where L::Target: Logger { + /// + /// Returns packages to claim the revoked output(s), as well as additional outputs to watch and + /// general information about the output that is to the counterparty in the commitment + /// transaction. + fn check_spend_counterparty_transaction(&mut self, tx: &Transaction, height: u32, logger: &L) + -> (Vec, TransactionOutputs, CommitmentTxCounterpartyOutputInfo) + where L::Target: Logger { // Most secp and related errors trying to create keys means we have no hope of constructing // a spend transaction...so we return no transactions to broadcast let mut claimable_outpoints = Vec::new(); let mut watch_outputs = Vec::new(); + let mut to_counterparty_output_info = None; let commitment_txid = tx.txid(); //TODO: This is gonna be a performance bottleneck for watchtowers! let per_commitment_option = self.counterparty_claimable_outpoints.get(&commitment_txid); @@ -2105,7 +2284,7 @@ impl ChannelMonitorImpl { ( $thing : expr ) => { match $thing { Ok(a) => a, - Err(_) => return (claimable_outpoints, (commitment_txid, watch_outputs)) + Err(_) => return (claimable_outpoints, (commitment_txid, watch_outputs), to_counterparty_output_info) } }; } @@ -2127,6 +2306,8 @@ impl ChannelMonitorImpl { let revk_outp = RevokedOutput::build(per_commitment_point, self.counterparty_commitment_params.counterparty_delayed_payment_base_key, self.counterparty_commitment_params.counterparty_htlc_base_key, per_commitment_key, outp.value, self.counterparty_commitment_params.on_counterparty_tx_csv); let justice_package = PackageTemplate::build_package(commitment_txid, idx as u32, PackageSolvingData::RevokedOutput(revk_outp), height + self.counterparty_commitment_params.on_counterparty_tx_csv as u32, true, height); claimable_outpoints.push(justice_package); + to_counterparty_output_info = + Some((idx.try_into().expect("Txn can't have more than 2^32 outputs"), outp.value)); } } @@ -2136,7 +2317,9 @@ impl ChannelMonitorImpl { if let Some(transaction_output_index) = htlc.transaction_output_index { if transaction_output_index as usize >= tx.output.len() || tx.output[transaction_output_index as usize].value != htlc.amount_msat / 1000 { - return (claimable_outpoints, (commitment_txid, watch_outputs)); // Corrupted per_commitment_data, fuck this user + // per_commitment_data is corrupt or our commitment signing key leaked! + return (claimable_outpoints, (commitment_txid, watch_outputs), + to_counterparty_output_info); } let revk_htlc_outp = RevokedHTLCOutput::build(per_commitment_point, self.counterparty_commitment_params.counterparty_delayed_payment_base_key, self.counterparty_commitment_params.counterparty_htlc_base_key, per_commitment_key, htlc.amount_msat / 1000, htlc.clone(), self.onchain_tx_handler.channel_transaction_parameters.opt_anchors.is_some()); let justice_package = PackageTemplate::build_package(commitment_txid, transaction_output_index, PackageSolvingData::RevokedHTLCOutput(revk_htlc_outp), htlc.cltv_expiry, true, height); @@ -2155,13 +2338,13 @@ impl ChannelMonitorImpl { self.counterparty_commitment_txn_on_chain.insert(commitment_txid, commitment_number); if let Some(per_commitment_data) = per_commitment_option { - fail_unbroadcast_htlcs!(self, "revoked_counterparty", commitment_txid, height, + fail_unbroadcast_htlcs!(self, "revoked_counterparty", commitment_txid, tx, height, per_commitment_data.iter().map(|(htlc, htlc_source)| (htlc, htlc_source.as_ref().map(|htlc_source| htlc_source.as_ref())) ), logger); } else { debug_assert!(false, "We should have per-commitment option for any recognized old commitment txn"); - fail_unbroadcast_htlcs!(self, "revoked counterparty", commitment_txid, height, + fail_unbroadcast_htlcs!(self, "revoked counterparty", commitment_txid, tx, height, [].iter().map(|reference| *reference), logger); } } @@ -2179,68 +2362,112 @@ impl ChannelMonitorImpl { self.counterparty_commitment_txn_on_chain.insert(commitment_txid, commitment_number); log_info!(logger, "Got broadcast of non-revoked counterparty commitment transaction {}", commitment_txid); - fail_unbroadcast_htlcs!(self, "counterparty", commitment_txid, height, + fail_unbroadcast_htlcs!(self, "counterparty", commitment_txid, tx, height, per_commitment_data.iter().map(|(htlc, htlc_source)| (htlc, htlc_source.as_ref().map(|htlc_source| htlc_source.as_ref())) ), logger); - let htlc_claim_reqs = self.get_counterparty_htlc_output_claim_reqs(commitment_number, commitment_txid, Some(tx)); + let (htlc_claim_reqs, counterparty_output_info) = + self.get_counterparty_output_claim_info(commitment_number, commitment_txid, Some(tx)); + to_counterparty_output_info = counterparty_output_info; for req in htlc_claim_reqs { claimable_outpoints.push(req); } } - (claimable_outpoints, (commitment_txid, watch_outputs)) + (claimable_outpoints, (commitment_txid, watch_outputs), to_counterparty_output_info) } - fn get_counterparty_htlc_output_claim_reqs(&self, commitment_number: u64, commitment_txid: Txid, tx: Option<&Transaction>) -> Vec { + /// Returns the HTLC claim package templates and the counterparty output info + fn get_counterparty_output_claim_info(&self, commitment_number: u64, commitment_txid: Txid, tx: Option<&Transaction>) + -> (Vec, CommitmentTxCounterpartyOutputInfo) { let mut claimable_outpoints = Vec::new(); - if let Some(htlc_outputs) = self.counterparty_claimable_outpoints.get(&commitment_txid) { - if let Some(per_commitment_points) = self.their_cur_per_commitment_points { - let per_commitment_point_option = - // If the counterparty commitment tx is the latest valid state, use their latest - // per-commitment point - if per_commitment_points.0 == commitment_number { Some(&per_commitment_points.1) } - else if let Some(point) = per_commitment_points.2.as_ref() { - // If counterparty commitment tx is the state previous to the latest valid state, use - // their previous per-commitment point (non-atomicity of revocation means it's valid for - // them to temporarily have two valid commitment txns from our viewpoint) - if per_commitment_points.0 == commitment_number + 1 { Some(point) } else { None } - } else { None }; - if let Some(per_commitment_point) = per_commitment_point_option { - for (_, &(ref htlc, _)) in htlc_outputs.iter().enumerate() { - if let Some(transaction_output_index) = htlc.transaction_output_index { - if let Some(transaction) = tx { - if transaction_output_index as usize >= transaction.output.len() || - transaction.output[transaction_output_index as usize].value != htlc.amount_msat / 1000 { - return claimable_outpoints; // Corrupted per_commitment_data, fuck this user - } - } - let preimage = if htlc.offered { if let Some(p) = self.payment_preimages.get(&htlc.payment_hash) { Some(*p) } else { None } } else { None }; - if preimage.is_some() || !htlc.offered { - let counterparty_htlc_outp = if htlc.offered { - PackageSolvingData::CounterpartyOfferedHTLCOutput( - CounterpartyOfferedHTLCOutput::build(*per_commitment_point, - self.counterparty_commitment_params.counterparty_delayed_payment_base_key, - self.counterparty_commitment_params.counterparty_htlc_base_key, - preimage.unwrap(), htlc.clone())) - } else { - PackageSolvingData::CounterpartyReceivedHTLCOutput( - CounterpartyReceivedHTLCOutput::build(*per_commitment_point, - self.counterparty_commitment_params.counterparty_delayed_payment_base_key, - self.counterparty_commitment_params.counterparty_htlc_base_key, - htlc.clone())) - }; - let aggregation = if !htlc.offered { false } else { true }; - let counterparty_package = PackageTemplate::build_package(commitment_txid, transaction_output_index, counterparty_htlc_outp, htlc.cltv_expiry,aggregation, 0); - claimable_outpoints.push(counterparty_package); - } - } + let mut to_counterparty_output_info: CommitmentTxCounterpartyOutputInfo = None; + + let htlc_outputs = match self.counterparty_claimable_outpoints.get(&commitment_txid) { + Some(outputs) => outputs, + None => return (claimable_outpoints, to_counterparty_output_info), + }; + let per_commitment_points = match self.their_cur_per_commitment_points { + Some(points) => points, + None => return (claimable_outpoints, to_counterparty_output_info), + }; + + let per_commitment_point = + // If the counterparty commitment tx is the latest valid state, use their latest + // per-commitment point + if per_commitment_points.0 == commitment_number { &per_commitment_points.1 } + else if let Some(point) = per_commitment_points.2.as_ref() { + // If counterparty commitment tx is the state previous to the latest valid state, use + // their previous per-commitment point (non-atomicity of revocation means it's valid for + // them to temporarily have two valid commitment txns from our viewpoint) + if per_commitment_points.0 == commitment_number + 1 { + point + } else { return (claimable_outpoints, to_counterparty_output_info); } + } else { return (claimable_outpoints, to_counterparty_output_info); }; + + if let Some(transaction) = tx { + let revokeable_p2wsh_opt = + if let Ok(revocation_pubkey) = chan_utils::derive_public_revocation_key( + &self.secp_ctx, &per_commitment_point, &self.holder_revocation_basepoint) + { + if let Ok(delayed_key) = chan_utils::derive_public_key(&self.secp_ctx, + &per_commitment_point, + &self.counterparty_commitment_params.counterparty_delayed_payment_base_key) + { + Some(chan_utils::get_revokeable_redeemscript(&revocation_pubkey, + self.counterparty_commitment_params.on_counterparty_tx_csv, + &delayed_key).to_v0_p2wsh()) + } else { + debug_assert!(false, "Failed to derive a delayed payment key for a commitment state we accepted"); + None + } + } else { + debug_assert!(false, "Failed to derive a revocation pubkey key for a commitment state we accepted"); + None + }; + if let Some(revokeable_p2wsh) = revokeable_p2wsh_opt { + for (idx, outp) in transaction.output.iter().enumerate() { + if outp.script_pubkey == revokeable_p2wsh { + to_counterparty_output_info = + Some((idx.try_into().expect("Can't have > 2^32 outputs"), outp.value)); } } } } - claimable_outpoints + + for (_, &(ref htlc, _)) in htlc_outputs.iter().enumerate() { + if let Some(transaction_output_index) = htlc.transaction_output_index { + if let Some(transaction) = tx { + if transaction_output_index as usize >= transaction.output.len() || + transaction.output[transaction_output_index as usize].value != htlc.amount_msat / 1000 { + // per_commitment_data is corrupt or our commitment signing key leaked! + return (claimable_outpoints, to_counterparty_output_info); + } + } + let preimage = if htlc.offered { if let Some(p) = self.payment_preimages.get(&htlc.payment_hash) { Some(*p) } else { None } } else { None }; + if preimage.is_some() || !htlc.offered { + let counterparty_htlc_outp = if htlc.offered { + PackageSolvingData::CounterpartyOfferedHTLCOutput( + CounterpartyOfferedHTLCOutput::build(*per_commitment_point, + self.counterparty_commitment_params.counterparty_delayed_payment_base_key, + self.counterparty_commitment_params.counterparty_htlc_base_key, + preimage.unwrap(), htlc.clone())) + } else { + PackageSolvingData::CounterpartyReceivedHTLCOutput( + CounterpartyReceivedHTLCOutput::build(*per_commitment_point, + self.counterparty_commitment_params.counterparty_delayed_payment_base_key, + self.counterparty_commitment_params.counterparty_htlc_base_key, + htlc.clone())) + }; + let aggregation = if !htlc.offered { false } else { true }; + let counterparty_package = PackageTemplate::build_package(commitment_txid, transaction_output_index, counterparty_htlc_outp, htlc.cltv_expiry,aggregation, 0); + claimable_outpoints.push(counterparty_package); + } + } + } + + (claimable_outpoints, to_counterparty_output_info) } /// Attempts to claim a counterparty HTLC-Success/HTLC-Timeout's outputs using the revocation key @@ -2338,7 +2565,7 @@ impl ChannelMonitorImpl { let res = self.get_broadcasted_holder_claims(&self.current_holder_commitment_tx, height); let mut to_watch = self.get_broadcasted_holder_watch_outputs(&self.current_holder_commitment_tx, tx); append_onchain_update!(res, to_watch); - fail_unbroadcast_htlcs!(self, "latest holder", commitment_txid, height, + fail_unbroadcast_htlcs!(self, "latest holder", commitment_txid, tx, height, self.current_holder_commitment_tx.htlc_outputs.iter() .map(|(htlc, _, htlc_source)| (htlc, htlc_source.as_ref())), logger); } else if let &Some(ref holder_tx) = &self.prev_holder_signed_commitment_tx { @@ -2348,7 +2575,7 @@ impl ChannelMonitorImpl { let res = self.get_broadcasted_holder_claims(holder_tx, height); let mut to_watch = self.get_broadcasted_holder_watch_outputs(holder_tx, tx); append_onchain_update!(res, to_watch); - fail_unbroadcast_htlcs!(self, "previous holder", commitment_txid, height, + fail_unbroadcast_htlcs!(self, "previous holder", commitment_txid, tx, height, holder_tx.htlc_outputs.iter().map(|(htlc, _, htlc_source)| (htlc, htlc_source.as_ref())), logger); } @@ -2495,14 +2722,19 @@ impl ChannelMonitorImpl { log_info!(logger, "Channel {} closed by funding output spend in txid {}.", log_bytes!(self.funding_info.0.to_channel_id()), tx.txid()); self.funding_spend_seen = true; + let mut commitment_tx_to_counterparty_output = None; if (tx.input[0].sequence.0 >> 8*3) as u8 == 0x80 && (tx.lock_time.0 >> 8*3) as u8 == 0x20 { - let (mut new_outpoints, new_outputs) = self.check_spend_counterparty_transaction(&tx, height, &logger); + let (mut new_outpoints, new_outputs, counterparty_output_idx_sats) = + self.check_spend_counterparty_transaction(&tx, height, &logger); + commitment_tx_to_counterparty_output = counterparty_output_idx_sats; if !new_outputs.1.is_empty() { watch_outputs.push(new_outputs); } claimable_outpoints.append(&mut new_outpoints); if new_outpoints.is_empty() { if let Some((mut new_outpoints, new_outputs)) = self.check_spend_holder_transaction(&tx, height, &logger) { + debug_assert!(commitment_tx_to_counterparty_output.is_none(), + "A commitment transaction matched as both a counterparty and local commitment tx?"); if !new_outputs.1.is_empty() { watch_outputs.push(new_outputs); } @@ -2514,9 +2746,11 @@ impl ChannelMonitorImpl { let txid = tx.txid(); self.onchain_events_awaiting_threshold_conf.push(OnchainEventEntry { txid, + transaction: Some((*tx).clone()), height: height, event: OnchainEvent::FundingSpendConfirmation { on_local_output_csv: balance_spendable_csv, + commitment_tx_to_counterparty_output, }, }); } else { @@ -2641,7 +2875,10 @@ impl ChannelMonitorImpl { htlc_value_satoshis, })); if let Some(idx) = commitment_tx_output_idx { - self.htlcs_resolved_on_chain.push(IrrevocablyResolvedHTLC { commitment_tx_output_idx: idx, payment_preimage: None }); + self.htlcs_resolved_on_chain.push(IrrevocablyResolvedHTLC { + commitment_tx_output_idx: idx, resolving_txid: Some(entry.txid), + payment_preimage: None, + }); } }, OnchainEvent::MaturingOutput { descriptor } => { @@ -2651,10 +2888,14 @@ impl ChannelMonitorImpl { }); }, OnchainEvent::HTLCSpendConfirmation { commitment_tx_output_idx, preimage, .. } => { - self.htlcs_resolved_on_chain.push(IrrevocablyResolvedHTLC { commitment_tx_output_idx, payment_preimage: preimage }); + self.htlcs_resolved_on_chain.push(IrrevocablyResolvedHTLC { + commitment_tx_output_idx, resolving_txid: Some(entry.txid), + payment_preimage: preimage, + }); }, - OnchainEvent::FundingSpendConfirmation { .. } => { + OnchainEvent::FundingSpendConfirmation { commitment_tx_to_counterparty_output, .. } => { self.funding_spend_confirmed = Some(entry.txid); + self.confirmed_commitment_tx_counterparty_output = commitment_tx_to_counterparty_output; }, } } @@ -2883,7 +3124,7 @@ impl ChannelMonitorImpl { log_error!(logger, "Input spending {} ({}:{}) in {} resolves {} HTLC with payment hash {} with {}!", $tx_info, input.previous_output.txid, input.previous_output.vout, tx.txid(), if outbound_htlc { "outbound" } else { "inbound" }, log_bytes!($htlc.payment_hash.0), - if revocation_sig_claim { "revocation sig" } else { "preimage claim after we'd passed the HTLC resolution back" }); + if revocation_sig_claim { "revocation sig" } else { "preimage claim after we'd passed the HTLC resolution back. We can likely claim the HTLC output with a revocation claim" }); } else { log_info!(logger, "Input spending {} ({}:{}) in {} resolves {} HTLC with payment hash {} with {}", $tx_info, input.previous_output.txid, input.previous_output.vout, tx.txid(), @@ -2930,29 +3171,20 @@ impl ChannelMonitorImpl { if payment_data.is_none() { log_claim!($tx_info, $holder_tx, htlc_output, false); let outbound_htlc = $holder_tx == htlc_output.offered; - if !outbound_htlc || revocation_sig_claim { - self.onchain_events_awaiting_threshold_conf.push(OnchainEventEntry { - txid: tx.txid(), height, - event: OnchainEvent::HTLCSpendConfirmation { - commitment_tx_output_idx: input.previous_output.vout, - preimage: if accepted_preimage_claim || offered_preimage_claim { - Some(payment_preimage) } else { None }, - // If this is a payment to us (!outbound_htlc, above), - // wait for the CSV delay before dropping the HTLC from - // claimable balance if the claim was an HTLC-Success - // transaction. - on_to_local_output_csv: if accepted_preimage_claim { - Some(self.on_holder_tx_csv) } else { None }, - }, - }); - } else { - // Outbound claims should always have payment_data, unless - // we've already failed the HTLC as the commitment transaction - // which was broadcasted was revoked. In that case, we should - // spend the HTLC output here immediately, and expose that fact - // as a Balance, something which we do not yet do. - // TODO: Track the above as claimable! - } + self.onchain_events_awaiting_threshold_conf.push(OnchainEventEntry { + txid: tx.txid(), height, transaction: Some(tx.clone()), + event: OnchainEvent::HTLCSpendConfirmation { + commitment_tx_output_idx: input.previous_output.vout, + preimage: if accepted_preimage_claim || offered_preimage_claim { + Some(payment_preimage) } else { None }, + // If this is a payment to us (ie !outbound_htlc), wait for + // the CSV delay before dropping the HTLC from claimable + // balance if the claim was an HTLC-Success transaction (ie + // accepted_preimage_claim). + on_to_local_output_csv: if accepted_preimage_claim && !outbound_htlc { + Some(self.on_holder_tx_csv) } else { None }, + }, + }); continue 'outer_loop; } } @@ -2984,6 +3216,7 @@ impl ChannelMonitorImpl { self.onchain_events_awaiting_threshold_conf.push(OnchainEventEntry { txid: tx.txid(), height, + transaction: Some(tx.clone()), event: OnchainEvent::HTLCSpendConfirmation { commitment_tx_output_idx: input.previous_output.vout, preimage: Some(payment_preimage), @@ -3004,6 +3237,7 @@ impl ChannelMonitorImpl { } else { false }) { self.onchain_events_awaiting_threshold_conf.push(OnchainEventEntry { txid: tx.txid(), + transaction: Some(tx.clone()), height, event: OnchainEvent::HTLCSpendConfirmation { commitment_tx_output_idx: input.previous_output.vout, @@ -3030,6 +3264,7 @@ impl ChannelMonitorImpl { }); let entry = OnchainEventEntry { txid: tx.txid(), + transaction: Some(tx.clone()), height, event: OnchainEvent::HTLCUpdate { source, payment_hash, @@ -3103,6 +3338,7 @@ impl ChannelMonitorImpl { if let Some(spendable_output) = spendable_output { let entry = OnchainEventEntry { txid: tx.txid(), + transaction: Some(tx.clone()), height: height, event: OnchainEvent::MaturingOutput { descriptor: spendable_output.clone() }, }; @@ -3363,12 +3599,14 @@ impl<'a, Signer: Sign, K: KeysInterface> ReadableArgs<&'a K> let mut htlcs_resolved_on_chain = Some(Vec::new()); let mut funding_spend_seen = Some(false); let mut counterparty_node_id = None; + let mut confirmed_commitment_tx_counterparty_output = None; read_tlv_fields!(reader, { (1, funding_spend_confirmed, option), (3, htlcs_resolved_on_chain, vec_type), (5, pending_monitor_events, vec_type), (7, funding_spend_seen, option), (9, counterparty_node_id, option), + (11, confirmed_commitment_tx_counterparty_output, option), }); let mut secp_ctx = Secp256k1::new(); @@ -3419,6 +3657,7 @@ impl<'a, Signer: Sign, K: KeysInterface> ReadableArgs<&'a K> holder_tx_signed, funding_spend_seen: funding_spend_seen.unwrap(), funding_spend_confirmed, + confirmed_commitment_tx_counterparty_output, htlcs_resolved_on_chain: htlcs_resolved_on_chain.unwrap(), best_block, diff --git a/lightning/src/chain/onchaintx.rs b/lightning/src/chain/onchaintx.rs index 8f62c43c44e..0f2edff5ed7 100644 --- a/lightning/src/chain/onchaintx.rs +++ b/lightning/src/chain/onchaintx.rs @@ -691,6 +691,10 @@ impl OnchainTxHandler { } } + pub(crate) fn is_output_spend_pending(&self, outpoint: &BitcoinOutPoint) -> bool { + self.claimable_outpoints.get(outpoint).is_some() + } + pub(crate) fn get_relevant_txids(&self) -> Vec { let mut txids: Vec = self.onchain_events_awaiting_threshold_conf .iter() diff --git a/lightning/src/ln/functional_test_utils.rs b/lightning/src/ln/functional_test_utils.rs index 4c91d4f7b1c..85077683fbb 100644 --- a/lightning/src/ln/functional_test_utils.rs +++ b/lightning/src/ln/functional_test_utils.rs @@ -1534,13 +1534,11 @@ macro_rules! expect_payment_failed { }; } -pub fn expect_payment_failed_conditions<'a, 'b, 'c, 'd, 'e>( - node: &'a Node<'b, 'c, 'd>, expected_payment_hash: PaymentHash, expected_rejected_by_dest: bool, - conditions: PaymentFailedConditions<'e> +pub fn expect_payment_failed_conditions_event<'a, 'b, 'c, 'd, 'e>( + node: &'a Node<'b, 'c, 'd>, payment_failed_event: Event, expected_payment_hash: PaymentHash, + expected_rejected_by_dest: bool, conditions: PaymentFailedConditions<'e> ) { - let mut events = node.node.get_and_clear_pending_events(); - assert_eq!(events.len(), 1); - let expected_payment_id = match events.pop().unwrap() { + let expected_payment_id = match payment_failed_event { Event::PaymentPathFailed { payment_hash, rejected_by_dest, path, retry, payment_id, network_update, short_channel_id, #[cfg(test)] error_code, @@ -1603,6 +1601,15 @@ pub fn expect_payment_failed_conditions<'a, 'b, 'c, 'd, 'e>( } } +pub fn expect_payment_failed_conditions<'a, 'b, 'c, 'd, 'e>( + node: &'a Node<'b, 'c, 'd>, expected_payment_hash: PaymentHash, expected_rejected_by_dest: bool, + conditions: PaymentFailedConditions<'e> +) { + let mut events = node.node.get_and_clear_pending_events(); + assert_eq!(events.len(), 1); + expect_payment_failed_conditions_event(node, events.pop().unwrap(), expected_payment_hash, expected_rejected_by_dest, conditions); +} + pub fn send_along_route_with_secret<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, route: Route, expected_paths: &[&[&Node<'a, 'b, 'c>]], recv_value: u64, our_payment_hash: PaymentHash, our_payment_secret: PaymentSecret) -> PaymentId { let payment_id = origin_node.node.send_payment(&route, our_payment_hash, &Some(our_payment_secret)).unwrap(); check_added_monitors!(origin_node, expected_paths.len()); diff --git a/lightning/src/ln/monitor_tests.rs b/lightning/src/ln/monitor_tests.rs index 9be2059a705..67ea07f2abd 100644 --- a/lightning/src/ln/monitor_tests.rs +++ b/lightning/src/ln/monitor_tests.rs @@ -11,6 +11,7 @@ use chain::channelmonitor::{ANTI_REORG_DELAY, Balance}; use chain::transaction::OutPoint; +use chain::chaininterface::LowerBoundedFeeEstimator; use ln::channel; use ln::channelmanager::BREAKDOWN_TIMEOUT; use ln::features::InitFeatures; @@ -228,6 +229,17 @@ fn sorted_vec(mut v: Vec) -> Vec { v } +/// Asserts that `a` and `b` are close, but maybe off by up to 5. +/// This is useful when checking fees and weights on transactions as things may vary by a few based +/// on signature size and signature size estimation being non-exact. +fn fuzzy_assert_eq>(a: V, b: V) { + let a_u64 = a.try_into().map_err(|_| ()).unwrap(); + let b_u64 = b.try_into().map_err(|_| ()).unwrap(); + eprintln!("Checking {} and {} for fuzzy equality", a_u64, b_u64); + assert!(a_u64 >= b_u64 - 5); + assert!(b_u64 >= a_u64 - 5); +} + fn do_test_claim_value_force_close(prev_commitment_tx: bool) { // Tests `get_claimable_balances` with an HTLC across a force-close. // We build a channel with an HTLC pending, then force close the channel and check that the @@ -734,3 +746,649 @@ fn test_balances_on_local_commitment_htlcs() { assert!(nodes[0].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances().is_empty()); test_spendable_output(&nodes[0], &as_txn[1]); } + +fn sorted_vec_with_additions(v_orig: &Vec, extra_ts: &[&T]) -> Vec { + let mut v = v_orig.clone(); + for t in extra_ts { + v.push((*t).clone()); + } + v.sort_unstable(); + v +} + +fn do_test_revoked_counterparty_commitment_balances(confirm_htlc_spend_first: bool) { + // Tests `get_claimable_balances` for revoked counterparty commitment transactions. + let mut chanmon_cfgs = create_chanmon_cfgs(2); + // We broadcast a second-to-latest commitment transaction, without providing the revocation + // secret to the counterparty. However, because we always immediately take the revocation + // secret from the keys_manager, we would panic at broadcast as we're trying to sign a + // transaction which, from the point of view of our keys_manager, is revoked. + chanmon_cfgs[1].keys_manager.disable_revocation_policy_check = true; + let node_cfgs = create_node_cfgs(2, &chanmon_cfgs); + let node_chanmgrs = create_node_chanmgrs(2, &node_cfgs, &[None, None]); + let nodes = create_network(2, &node_cfgs, &node_chanmgrs); + + let (_, _, chan_id, funding_tx) = + create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 1_000_000, 100_000_000, InitFeatures::known(), InitFeatures::known()); + let funding_outpoint = OutPoint { txid: funding_tx.txid(), index: 0 }; + assert_eq!(funding_outpoint.to_channel_id(), chan_id); + + // We create five HTLCs for B to claim against A's revoked commitment transaction: + // + // (1) one for which A is the originator and B knows the preimage + // (2) one for which B is the originator where the HTLC has since timed-out + // (3) one for which B is the originator but where the HTLC has not yet timed-out + // (4) one dust HTLC which is lost in the channel closure + // (5) one that actually isn't in the revoked commitment transaction at all, but was added in + // later commitment transaction updates + // + // Though they could all be claimed in a single claim transaction, due to CLTV timeouts they + // are all currently claimed in separate transactions, which helps us test as we can claim + // HTLCs individually. + + let (claimed_payment_preimage, claimed_payment_hash, ..) = route_payment(&nodes[0], &[&nodes[1]], 3_000_000); + let timeout_payment_hash = route_payment(&nodes[1], &[&nodes[0]], 4_000_000).1; + let dust_payment_hash = route_payment(&nodes[1], &[&nodes[0]], 3_000).1; + + let htlc_cltv_timeout = nodes[0].best_block_info().1 + TEST_FINAL_CLTV + 1; // Note ChannelManager adds one to CLTV timeouts for safety + + connect_blocks(&nodes[0], 10); + connect_blocks(&nodes[1], 10); + + let live_htlc_cltv_timeout = nodes[0].best_block_info().1 + TEST_FINAL_CLTV + 1; // Note ChannelManager adds one to CLTV timeouts for safety + let live_payment_hash = route_payment(&nodes[1], &[&nodes[0]], 5_000_000).1; + + // Get the latest commitment transaction from A and then update the fee to revoke it + let as_revoked_txn = get_local_commitment_txn!(nodes[0], chan_id); + let opt_anchors = get_opt_anchors!(nodes[0], chan_id); + + let chan_feerate = get_feerate!(nodes[0], chan_id) as u64; + + let missing_htlc_cltv_timeout = nodes[0].best_block_info().1 + TEST_FINAL_CLTV + 1; // Note ChannelManager adds one to CLTV timeouts for safety + let missing_htlc_payment_hash = route_payment(&nodes[1], &[&nodes[0]], 2_000_000).1; + + nodes[1].node.claim_funds(claimed_payment_preimage); + expect_payment_claimed!(nodes[1], claimed_payment_hash, 3_000_000); + check_added_monitors!(nodes[1], 1); + let _b_htlc_msgs = get_htlc_update_msgs!(&nodes[1], nodes[0].node.get_our_node_id()); + + connect_blocks(&nodes[0], htlc_cltv_timeout + 1 - 10); + check_closed_broadcast!(nodes[0], true); + check_added_monitors!(nodes[0], 1); + + let mut events = nodes[0].node.get_and_clear_pending_events(); + assert_eq!(events.len(), 6); + let mut failed_payments: HashSet<_> = + [timeout_payment_hash, dust_payment_hash, live_payment_hash, missing_htlc_payment_hash] + .iter().map(|a| *a).collect(); + events.retain(|ev| { + match ev { + Event::HTLCHandlingFailed { failed_next_destination: HTLCDestination::NextHopChannel { node_id, channel_id }, .. } => { + assert_eq!(*channel_id, chan_id); + assert_eq!(*node_id, Some(nodes[1].node.get_our_node_id())); + false + }, + Event::HTLCHandlingFailed { failed_next_destination: HTLCDestination::FailedPayment { payment_hash }, .. } => { + assert!(failed_payments.remove(payment_hash)); + false + }, + _ => true, + } + }); + assert!(failed_payments.is_empty()); + if let Event::PendingHTLCsForwardable { .. } = events[0] {} else { panic!(); } + match &events[1] { + Event::ChannelClosed { reason: ClosureReason::CommitmentTxConfirmed, .. } => {}, + _ => panic!(), + } + + connect_blocks(&nodes[1], htlc_cltv_timeout + 1 - 10); + check_closed_broadcast!(nodes[1], true); + check_added_monitors!(nodes[1], 1); + check_closed_event!(nodes[1], 1, ClosureReason::CommitmentTxConfirmed); + + // Prior to channel closure, B considers the preimage HTLC as its own, and otherwise only + // lists the two on-chain timeout-able HTLCs as claimable balances. + assert_eq!(sorted_vec(vec![Balance::ClaimableOnChannelClose { + claimable_amount_satoshis: 100_000 - 5_000 - 4_000 - 3 - 2_000 + 3_000, + }, Balance::MaybeClaimableHTLCAwaitingTimeout { + claimable_amount_satoshis: 2_000, + claimable_height: missing_htlc_cltv_timeout, + }, Balance::MaybeClaimableHTLCAwaitingTimeout { + claimable_amount_satoshis: 4_000, + claimable_height: htlc_cltv_timeout, + }, Balance::MaybeClaimableHTLCAwaitingTimeout { + claimable_amount_satoshis: 5_000, + claimable_height: live_htlc_cltv_timeout, + }]), + sorted_vec(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + mine_transaction(&nodes[1], &as_revoked_txn[0]); + let mut claim_txn: Vec<_> = nodes[1].tx_broadcaster.txn_broadcasted.lock().unwrap().drain(..).filter(|tx| tx.input.iter().any(|inp| inp.previous_output.txid == as_revoked_txn[0].txid())).collect(); + // Currently the revoked commitment is claimed in four transactions as the HTLCs all expire + // quite soon. + assert_eq!(claim_txn.len(), 4); + claim_txn.sort_unstable_by_key(|tx| tx.output.iter().map(|output| output.value).sum::()); + + // The following constants were determined experimentally + const BS_TO_SELF_CLAIM_EXP_WEIGHT: usize = 483; + const OUTBOUND_HTLC_CLAIM_EXP_WEIGHT: usize = 571; + const INBOUND_HTLC_CLAIM_EXP_WEIGHT: usize = 578; + + // Check that the weight is close to the expected weight. Note that signature sizes vary + // somewhat so it may not always be exact. + fuzzy_assert_eq(claim_txn[0].weight(), OUTBOUND_HTLC_CLAIM_EXP_WEIGHT); + fuzzy_assert_eq(claim_txn[1].weight(), INBOUND_HTLC_CLAIM_EXP_WEIGHT); + fuzzy_assert_eq(claim_txn[2].weight(), INBOUND_HTLC_CLAIM_EXP_WEIGHT); + fuzzy_assert_eq(claim_txn[3].weight(), BS_TO_SELF_CLAIM_EXP_WEIGHT); + + // The expected balance for the next three checks, with the largest-HTLC and to_self output + // claim balances separated out. + let expected_balance = vec![Balance::ClaimableAwaitingConfirmations { + // to_remote output in A's revoked commitment + claimable_amount_satoshis: 100_000 - 5_000 - 4_000 - 3, + confirmation_height: nodes[1].best_block_info().1 + 5, + }, Balance::CounterpartyRevokedOutputClaimable { + claimable_amount_satoshis: 3_000, + }, Balance::CounterpartyRevokedOutputClaimable { + claimable_amount_satoshis: 4_000, + }]; + + let to_self_unclaimed_balance = Balance::CounterpartyRevokedOutputClaimable { + claimable_amount_satoshis: 1_000_000 - 100_000 - 3_000 - chan_feerate * + (channel::commitment_tx_base_weight(opt_anchors) + 3 * channel::COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000, + }; + let to_self_claimed_avail_height; + let largest_htlc_unclaimed_balance = Balance::CounterpartyRevokedOutputClaimable { + claimable_amount_satoshis: 5_000, + }; + let largest_htlc_claimed_avail_height; + + // Once the channel has been closed by A, B now considers all of the commitment transactions' + // outputs as `CounterpartyRevokedOutputClaimable`. + assert_eq!(sorted_vec_with_additions(&expected_balance, &[&to_self_unclaimed_balance, &largest_htlc_unclaimed_balance]), + sorted_vec(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + if confirm_htlc_spend_first { + mine_transaction(&nodes[1], &claim_txn[2]); + largest_htlc_claimed_avail_height = nodes[1].best_block_info().1 + 5; + to_self_claimed_avail_height = nodes[1].best_block_info().1 + 6; // will be claimed in the next block + } else { + // Connect the to_self output claim, taking all of A's non-HTLC funds + mine_transaction(&nodes[1], &claim_txn[3]); + to_self_claimed_avail_height = nodes[1].best_block_info().1 + 5; + largest_htlc_claimed_avail_height = nodes[1].best_block_info().1 + 6; // will be claimed in the next block + } + + let largest_htlc_claimed_balance = Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: 5_000 - chan_feerate * INBOUND_HTLC_CLAIM_EXP_WEIGHT as u64 / 1000, + confirmation_height: largest_htlc_claimed_avail_height, + }; + let to_self_claimed_balance = Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: 1_000_000 - 100_000 - 3_000 - chan_feerate * + (channel::commitment_tx_base_weight(opt_anchors) + 3 * channel::COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000 + - chan_feerate * claim_txn[3].weight() as u64 / 1000, + confirmation_height: to_self_claimed_avail_height, + }; + + if confirm_htlc_spend_first { + assert_eq!(sorted_vec_with_additions(&expected_balance, &[&to_self_unclaimed_balance, &largest_htlc_claimed_balance]), + sorted_vec(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + } else { + assert_eq!(sorted_vec_with_additions(&expected_balance, &[&to_self_claimed_balance, &largest_htlc_unclaimed_balance]), + sorted_vec(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + } + + if confirm_htlc_spend_first { + mine_transaction(&nodes[1], &claim_txn[3]); + } else { + mine_transaction(&nodes[1], &claim_txn[2]); + } + assert_eq!(sorted_vec_with_additions(&expected_balance, &[&to_self_claimed_balance, &largest_htlc_claimed_balance]), + sorted_vec(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + // Finally, connect the last two remaining HTLC spends and check that they move to + // `ClaimableAwaitingConfirmations` + mine_transaction(&nodes[1], &claim_txn[0]); + mine_transaction(&nodes[1], &claim_txn[1]); + + assert_eq!(sorted_vec(vec![Balance::ClaimableAwaitingConfirmations { + // to_remote output in A's revoked commitment + claimable_amount_satoshis: 100_000 - 5_000 - 4_000 - 3, + confirmation_height: nodes[1].best_block_info().1 + 1, + }, Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: 1_000_000 - 100_000 - 3_000 - chan_feerate * + (channel::commitment_tx_base_weight(opt_anchors) + 3 * channel::COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000 + - chan_feerate * claim_txn[3].weight() as u64 / 1000, + confirmation_height: to_self_claimed_avail_height, + }, Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: 3_000 - chan_feerate * OUTBOUND_HTLC_CLAIM_EXP_WEIGHT as u64 / 1000, + confirmation_height: nodes[1].best_block_info().1 + 4, + }, Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: 4_000 - chan_feerate * INBOUND_HTLC_CLAIM_EXP_WEIGHT as u64 / 1000, + confirmation_height: nodes[1].best_block_info().1 + 5, + }, Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: 5_000 - chan_feerate * INBOUND_HTLC_CLAIM_EXP_WEIGHT as u64 / 1000, + confirmation_height: largest_htlc_claimed_avail_height, + }]), + sorted_vec(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + connect_blocks(&nodes[1], 1); + test_spendable_output(&nodes[1], &as_revoked_txn[0]); + + let mut payment_failed_events = nodes[1].node.get_and_clear_pending_events(); + expect_payment_failed_conditions_event(&nodes[1], payment_failed_events.pop().unwrap(), + dust_payment_hash, true, PaymentFailedConditions::new()); + expect_payment_failed_conditions_event(&nodes[1], payment_failed_events.pop().unwrap(), + missing_htlc_payment_hash, true, PaymentFailedConditions::new()); + assert!(payment_failed_events.is_empty()); + + connect_blocks(&nodes[1], 1); + test_spendable_output(&nodes[1], &claim_txn[if confirm_htlc_spend_first { 2 } else { 3 }]); + connect_blocks(&nodes[1], 1); + test_spendable_output(&nodes[1], &claim_txn[if confirm_htlc_spend_first { 3 } else { 2 }]); + expect_payment_failed!(nodes[1], live_payment_hash, true); + connect_blocks(&nodes[1], 1); + test_spendable_output(&nodes[1], &claim_txn[0]); + connect_blocks(&nodes[1], 1); + test_spendable_output(&nodes[1], &claim_txn[1]); + expect_payment_failed!(nodes[1], timeout_payment_hash, true); + assert_eq!(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances(), Vec::new()); +} + +#[test] +fn test_revoked_counterparty_commitment_balances() { + do_test_revoked_counterparty_commitment_balances(true); + do_test_revoked_counterparty_commitment_balances(false); +} + +#[test] +fn test_revoked_counterparty_htlc_tx_balances() { + // Tests `get_claimable_balances` for revocation spends of HTLC transactions. + let mut chanmon_cfgs = create_chanmon_cfgs(2); + chanmon_cfgs[1].keys_manager.disable_revocation_policy_check = true; + let node_cfgs = create_node_cfgs(2, &chanmon_cfgs); + let node_chanmgrs = create_node_chanmgrs(2, &node_cfgs, &[None, None]); + let nodes = create_network(2, &node_cfgs, &node_chanmgrs); + + // Create some initial channels + let (_, _, chan_id, funding_tx) = + create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 1_000_000, 11_000_000, InitFeatures::known(), InitFeatures::known()); + let funding_outpoint = OutPoint { txid: funding_tx.txid(), index: 0 }; + assert_eq!(funding_outpoint.to_channel_id(), chan_id); + + let payment_preimage = route_payment(&nodes[0], &[&nodes[1]], 3_000_000).0; + let failed_payment_hash = route_payment(&nodes[1], &[&nodes[0]], 1_000_000).1; + let revoked_local_txn = get_local_commitment_txn!(nodes[1], chan_id); + assert_eq!(revoked_local_txn[0].input.len(), 1); + assert_eq!(revoked_local_txn[0].input[0].previous_output.txid, funding_tx.txid()); + + // The to-be-revoked commitment tx should have two HTLCs and an output for both sides + assert_eq!(revoked_local_txn[0].output.len(), 4); + + claim_payment(&nodes[0], &[&nodes[1]], payment_preimage); + + let chan_feerate = get_feerate!(nodes[0], chan_id) as u64; + let opt_anchors = get_opt_anchors!(nodes[0], chan_id); + + // B will generate an HTLC-Success from its revoked commitment tx + mine_transaction(&nodes[1], &revoked_local_txn[0]); + check_closed_broadcast!(nodes[1], true); + check_added_monitors!(nodes[1], 1); + check_closed_event!(nodes[1], 1, ClosureReason::CommitmentTxConfirmed); + let revoked_htlc_success_txn = nodes[1].tx_broadcaster.txn_broadcasted.lock().unwrap().split_off(0); + + assert_eq!(revoked_htlc_success_txn.len(), 2); + assert_eq!(revoked_htlc_success_txn[0].input.len(), 1); + assert_eq!(revoked_htlc_success_txn[0].input[0].witness.last().unwrap().len(), ACCEPTED_HTLC_SCRIPT_WEIGHT); + check_spends!(revoked_htlc_success_txn[0], revoked_local_txn[0]); + check_spends!(revoked_htlc_success_txn[1], funding_tx); + + connect_blocks(&nodes[1], TEST_FINAL_CLTV); + let revoked_htlc_timeout_txn = nodes[1].tx_broadcaster.txn_broadcasted.lock().unwrap().split_off(0); + assert_eq!(revoked_htlc_timeout_txn.len(), 1); + check_spends!(revoked_htlc_timeout_txn[0], revoked_local_txn[0]); + assert_ne!(revoked_htlc_success_txn[0].input[0].previous_output, revoked_htlc_timeout_txn[0].input[0].previous_output); + assert_eq!(revoked_htlc_success_txn[0].lock_time.0, 0); + assert_ne!(revoked_htlc_timeout_txn[0].lock_time.0, 0); + + // A will generate justice tx from B's revoked commitment/HTLC tx + mine_transaction(&nodes[0], &revoked_local_txn[0]); + check_closed_broadcast!(nodes[0], true); + check_added_monitors!(nodes[0], 1); + check_closed_event!(nodes[0], 1, ClosureReason::CommitmentTxConfirmed); + let to_remote_conf_height = nodes[0].best_block_info().1 + ANTI_REORG_DELAY - 1; + + let as_commitment_claim_txn = nodes[0].tx_broadcaster.txn_broadcasted.lock().unwrap().split_off(0); + assert_eq!(as_commitment_claim_txn.len(), 2); + check_spends!(as_commitment_claim_txn[0], revoked_local_txn[0]); + check_spends!(as_commitment_claim_txn[1], funding_tx); + + // The next two checks have the same balance set for A - even though we confirm a revoked HTLC + // transaction our balance tracking doesn't use the on-chain value so the + // `CounterpartyRevokedOutputClaimable` entry doesn't change. + let as_balances = sorted_vec(vec![Balance::ClaimableAwaitingConfirmations { + // to_remote output in B's revoked commitment + claimable_amount_satoshis: 1_000_000 - 11_000 - 3_000 - chan_feerate * + (channel::commitment_tx_base_weight(opt_anchors) + 2 * channel::COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000, + confirmation_height: to_remote_conf_height, + }, Balance::CounterpartyRevokedOutputClaimable { + // to_self output in B's revoked commitment + claimable_amount_satoshis: 10_000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 1 + claimable_amount_satoshis: 3_000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 2 + claimable_amount_satoshis: 1_000, + }]); + assert_eq!(as_balances, + sorted_vec(nodes[0].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + mine_transaction(&nodes[0], &revoked_htlc_success_txn[0]); + let as_htlc_claim_tx = nodes[0].tx_broadcaster.txn_broadcasted.lock().unwrap().split_off(0); + assert_eq!(as_htlc_claim_tx.len(), 2); + check_spends!(as_htlc_claim_tx[0], revoked_htlc_success_txn[0]); + check_spends!(as_htlc_claim_tx[1], revoked_local_txn[0]); // A has to generate a new claim for the remaining revoked + // outputs (which no longer includes the spent HTLC output) + + assert_eq!(as_balances, + sorted_vec(nodes[0].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + assert_eq!(as_htlc_claim_tx[0].output.len(), 1); + fuzzy_assert_eq(as_htlc_claim_tx[0].output[0].value, + 3_000 - chan_feerate * (revoked_htlc_success_txn[0].weight() + as_htlc_claim_tx[0].weight()) as u64 / 1000); + + mine_transaction(&nodes[0], &as_htlc_claim_tx[0]); + assert_eq!(sorted_vec(vec![Balance::ClaimableAwaitingConfirmations { + // to_remote output in B's revoked commitment + claimable_amount_satoshis: 1_000_000 - 11_000 - 3_000 - chan_feerate * + (channel::commitment_tx_base_weight(opt_anchors) + 2 * channel::COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000, + confirmation_height: to_remote_conf_height, + }, Balance::CounterpartyRevokedOutputClaimable { + // to_self output in B's revoked commitment + claimable_amount_satoshis: 10_000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 2 + claimable_amount_satoshis: 1_000, + }, Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: as_htlc_claim_tx[0].output[0].value, + confirmation_height: nodes[0].best_block_info().1 + ANTI_REORG_DELAY - 1, + }]), + sorted_vec(nodes[0].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + connect_blocks(&nodes[0], ANTI_REORG_DELAY - 3); + test_spendable_output(&nodes[0], &revoked_local_txn[0]); + assert_eq!(sorted_vec(vec![Balance::CounterpartyRevokedOutputClaimable { + // to_self output to B + claimable_amount_satoshis: 10_000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 2 + claimable_amount_satoshis: 1_000, + }, Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: as_htlc_claim_tx[0].output[0].value, + confirmation_height: nodes[0].best_block_info().1 + 2, + }]), + sorted_vec(nodes[0].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + connect_blocks(&nodes[0], 2); + test_spendable_output(&nodes[0], &as_htlc_claim_tx[0]); + assert_eq!(sorted_vec(vec![Balance::CounterpartyRevokedOutputClaimable { + // to_self output in B's revoked commitment + claimable_amount_satoshis: 10_000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 2 + claimable_amount_satoshis: 1_000, + }]), + sorted_vec(nodes[0].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + connect_blocks(&nodes[0], revoked_htlc_timeout_txn[0].lock_time.0 - nodes[0].best_block_info().1); + expect_pending_htlcs_forwardable_and_htlc_handling_failed_ignore!(&nodes[0], + [HTLCDestination::FailedPayment { payment_hash: failed_payment_hash }]); + // As time goes on A may split its revocation claim transaction into multiple. + let as_fewer_input_rbf = nodes[0].tx_broadcaster.txn_broadcasted.lock().unwrap().split_off(0); + for tx in as_fewer_input_rbf.iter() { + check_spends!(tx, revoked_local_txn[0]); + } + + // Connect a number of additional blocks to ensure we don't forget the HTLC output needs + // claiming. + connect_blocks(&nodes[0], ANTI_REORG_DELAY - 1); + let as_fewer_input_rbf = nodes[0].tx_broadcaster.txn_broadcasted.lock().unwrap().split_off(0); + for tx in as_fewer_input_rbf.iter() { + check_spends!(tx, revoked_local_txn[0]); + } + + mine_transaction(&nodes[0], &revoked_htlc_timeout_txn[0]); + let as_second_htlc_claim_tx = nodes[0].tx_broadcaster.txn_broadcasted.lock().unwrap().split_off(0); + assert_eq!(as_second_htlc_claim_tx.len(), 2); + + check_spends!(as_second_htlc_claim_tx[0], revoked_htlc_timeout_txn[0]); + check_spends!(as_second_htlc_claim_tx[1], revoked_local_txn[0]); + + // Connect blocks to finalize the HTLC resolution with the HTLC-Timeout transaction. In a + // previous iteration of the revoked balance handling this would result in us "forgetting" that + // the revoked HTLC output still needed to be claimed. + connect_blocks(&nodes[0], ANTI_REORG_DELAY - 1); + assert_eq!(sorted_vec(vec![Balance::CounterpartyRevokedOutputClaimable { + // to_self output in B's revoked commitment + claimable_amount_satoshis: 10_000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 2 + claimable_amount_satoshis: 1_000, + }]), + sorted_vec(nodes[0].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + mine_transaction(&nodes[0], &as_second_htlc_claim_tx[0]); + assert_eq!(sorted_vec(vec![Balance::CounterpartyRevokedOutputClaimable { + // to_self output in B's revoked commitment + claimable_amount_satoshis: 10_000, + }, Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: as_second_htlc_claim_tx[0].output[0].value, + confirmation_height: nodes[0].best_block_info().1 + ANTI_REORG_DELAY - 1, + }]), + sorted_vec(nodes[0].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + mine_transaction(&nodes[0], &as_second_htlc_claim_tx[1]); + assert_eq!(sorted_vec(vec![Balance::ClaimableAwaitingConfirmations { + // to_self output in B's revoked commitment + claimable_amount_satoshis: as_second_htlc_claim_tx[1].output[0].value, + confirmation_height: nodes[0].best_block_info().1 + ANTI_REORG_DELAY - 1, + }, Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: as_second_htlc_claim_tx[0].output[0].value, + confirmation_height: nodes[0].best_block_info().1 + ANTI_REORG_DELAY - 2, + }]), + sorted_vec(nodes[0].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + connect_blocks(&nodes[0], ANTI_REORG_DELAY - 2); + test_spendable_output(&nodes[0], &as_second_htlc_claim_tx[0]); + connect_blocks(&nodes[0], 1); + test_spendable_output(&nodes[0], &as_second_htlc_claim_tx[1]); + + assert_eq!(nodes[0].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances(), Vec::new()); +} + +#[test] +fn test_revoked_counterparty_aggregated_claims() { + // Tests `get_claimable_balances` for revoked counterparty commitment transactions when + // claiming with an aggregated claim transaction. + let mut chanmon_cfgs = create_chanmon_cfgs(2); + // We broadcast a second-to-latest commitment transaction, without providing the revocation + // secret to the counterparty. However, because we always immediately take the revocation + // secret from the keys_manager, we would panic at broadcast as we're trying to sign a + // transaction which, from the point of view of our keys_manager, is revoked. + chanmon_cfgs[1].keys_manager.disable_revocation_policy_check = true; + let node_cfgs = create_node_cfgs(2, &chanmon_cfgs); + let node_chanmgrs = create_node_chanmgrs(2, &node_cfgs, &[None, None]); + let nodes = create_network(2, &node_cfgs, &node_chanmgrs); + + let (_, _, chan_id, funding_tx) = + create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 1_000_000, 100_000_000, InitFeatures::known(), InitFeatures::known()); + let funding_outpoint = OutPoint { txid: funding_tx.txid(), index: 0 }; + assert_eq!(funding_outpoint.to_channel_id(), chan_id); + + // We create two HTLCs, one which we will give A the preimage to to generate an HTLC-Success + // transaction, and one which we will not, allowing B to claim the HTLC output in an aggregated + // revocation-claim transaction. + + let (claimed_payment_preimage, claimed_payment_hash, ..) = route_payment(&nodes[1], &[&nodes[0]], 3_000_000); + let revoked_payment_hash = route_payment(&nodes[1], &[&nodes[0]], 4_000_000).1; + + let htlc_cltv_timeout = nodes[1].best_block_info().1 + TEST_FINAL_CLTV + 1; // Note ChannelManager adds one to CLTV timeouts for safety + + // Cheat by giving A's ChannelMonitor the preimage to the to-be-claimed HTLC so that we have an + // HTLC-claim transaction on the to-be-revoked state. + get_monitor!(nodes[0], chan_id).provide_payment_preimage(&claimed_payment_hash, &claimed_payment_preimage, + &node_cfgs[0].tx_broadcaster, &LowerBoundedFeeEstimator::new(node_cfgs[0].fee_estimator), &nodes[0].logger); + + // Now get the latest commitment transaction from A and then update the fee to revoke it + let as_revoked_txn = get_local_commitment_txn!(nodes[0], chan_id); + + assert_eq!(as_revoked_txn.len(), 2); + check_spends!(as_revoked_txn[0], funding_tx); + check_spends!(as_revoked_txn[1], as_revoked_txn[0]); // The HTLC-Claim transaction + + let opt_anchors = get_opt_anchors!(nodes[0], chan_id); + let chan_feerate = get_feerate!(nodes[0], chan_id) as u64; + + { + let mut feerate = chanmon_cfgs[0].fee_estimator.sat_per_kw.lock().unwrap(); + *feerate += 1; + } + nodes[0].node.timer_tick_occurred(); + check_added_monitors!(nodes[0], 1); + + let fee_update = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id()); + nodes[1].node.handle_update_fee(&nodes[0].node.get_our_node_id(), &fee_update.update_fee.unwrap()); + commitment_signed_dance!(nodes[1], nodes[0], fee_update.commitment_signed, false); + + nodes[0].node.claim_funds(claimed_payment_preimage); + expect_payment_claimed!(nodes[0], claimed_payment_hash, 3_000_000); + check_added_monitors!(nodes[0], 1); + let _a_htlc_msgs = get_htlc_update_msgs!(&nodes[0], nodes[1].node.get_our_node_id()); + + assert_eq!(sorted_vec(vec![Balance::ClaimableOnChannelClose { + claimable_amount_satoshis: 100_000 - 4_000 - 3_000, + }, Balance::MaybeClaimableHTLCAwaitingTimeout { + claimable_amount_satoshis: 4_000, + claimable_height: htlc_cltv_timeout, + }, Balance::MaybeClaimableHTLCAwaitingTimeout { + claimable_amount_satoshis: 3_000, + claimable_height: htlc_cltv_timeout, + }]), + sorted_vec(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + mine_transaction(&nodes[1], &as_revoked_txn[0]); + check_closed_broadcast!(nodes[1], true); + check_closed_event!(nodes[1], 1, ClosureReason::CommitmentTxConfirmed); + check_added_monitors!(nodes[1], 1); + + let mut claim_txn: Vec<_> = nodes[1].tx_broadcaster.txn_broadcasted.lock().unwrap().drain(..).filter(|tx| tx.input.iter().any(|inp| inp.previous_output.txid == as_revoked_txn[0].txid())).collect(); + // Currently the revoked commitment outputs are all claimed in one aggregated transaction + assert_eq!(claim_txn.len(), 1); + assert_eq!(claim_txn[0].input.len(), 3); + check_spends!(claim_txn[0], as_revoked_txn[0]); + + let to_remote_maturity = nodes[1].best_block_info().1 + ANTI_REORG_DELAY - 1; + + assert_eq!(sorted_vec(vec![Balance::ClaimableAwaitingConfirmations { + // to_remote output in A's revoked commitment + claimable_amount_satoshis: 100_000 - 4_000 - 3_000, + confirmation_height: to_remote_maturity, + }, Balance::CounterpartyRevokedOutputClaimable { + // to_self output in A's revoked commitment + claimable_amount_satoshis: 1_000_000 - 100_000 - chan_feerate * + (channel::commitment_tx_base_weight(opt_anchors) + 2 * channel::COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 1 + claimable_amount_satoshis: 4_000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 2 + claimable_amount_satoshis: 3_000, + }]), + sorted_vec(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + // Confirm A's HTLC-Success tranasction which presumably raced B's claim, causing B to create a + // new claim. + mine_transaction(&nodes[1], &as_revoked_txn[1]); + expect_payment_sent!(nodes[1], claimed_payment_preimage); + let mut claim_txn_2: Vec<_> = nodes[1].tx_broadcaster.txn_broadcasted.lock().unwrap().clone(); + claim_txn_2.sort_unstable_by_key(|tx| if tx.input.iter().any(|inp| inp.previous_output.txid == as_revoked_txn[0].txid()) { 0 } else { 1 }); + // Once B sees the HTLC-Success transaction it splits its claim transaction into two, though in + // theory it could re-aggregate the claims as well. + assert_eq!(claim_txn_2.len(), 2); + assert_eq!(claim_txn_2[0].input.len(), 2); + check_spends!(claim_txn_2[0], as_revoked_txn[0]); + assert_eq!(claim_txn_2[1].input.len(), 1); + check_spends!(claim_txn_2[1], as_revoked_txn[1]); + + assert_eq!(sorted_vec(vec![Balance::ClaimableAwaitingConfirmations { + // to_remote output in A's revoked commitment + claimable_amount_satoshis: 100_000 - 4_000 - 3_000, + confirmation_height: to_remote_maturity, + }, Balance::CounterpartyRevokedOutputClaimable { + // to_self output in A's revoked commitment + claimable_amount_satoshis: 1_000_000 - 100_000 - chan_feerate * + (channel::commitment_tx_base_weight(opt_anchors) + 2 * channel::COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 1 + claimable_amount_satoshis: 4_000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 2 + // The amount here is a bit of a misnomer, really its been reduced by the HTLC + // transaction fee, but the claimable amount is always a bit of an overshoot for HTLCs + // anyway, so its not a big change. + claimable_amount_satoshis: 3_000, + }]), + sorted_vec(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + connect_blocks(&nodes[1], 5); + test_spendable_output(&nodes[1], &as_revoked_txn[0]); + + assert_eq!(sorted_vec(vec![Balance::CounterpartyRevokedOutputClaimable { + // to_self output in A's revoked commitment + claimable_amount_satoshis: 1_000_000 - 100_000 - chan_feerate * + (channel::commitment_tx_base_weight(opt_anchors) + 2 * channel::COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 1 + claimable_amount_satoshis: 4_000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 2 + // The amount here is a bit of a misnomer, really its been reduced by the HTLC + // transaction fee, but the claimable amount is always a bit of an overshoot for HTLCs + // anyway, so its not a big change. + claimable_amount_satoshis: 3_000, + }]), + sorted_vec(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + mine_transaction(&nodes[1], &claim_txn_2[1]); + let htlc_2_claim_maturity = nodes[1].best_block_info().1 + ANTI_REORG_DELAY - 1; + + assert_eq!(sorted_vec(vec![Balance::CounterpartyRevokedOutputClaimable { + // to_self output in A's revoked commitment + claimable_amount_satoshis: 1_000_000 - 100_000 - chan_feerate * + (channel::commitment_tx_base_weight(opt_anchors) + 2 * channel::COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 1 + claimable_amount_satoshis: 4_000, + }, Balance::ClaimableAwaitingConfirmations { // HTLC 2 + claimable_amount_satoshis: claim_txn_2[1].output[0].value, + confirmation_height: htlc_2_claim_maturity, + }]), + sorted_vec(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + connect_blocks(&nodes[1], 5); + test_spendable_output(&nodes[1], &claim_txn_2[1]); + + assert_eq!(sorted_vec(vec![Balance::CounterpartyRevokedOutputClaimable { + // to_self output in A's revoked commitment + claimable_amount_satoshis: 1_000_000 - 100_000 - chan_feerate * + (channel::commitment_tx_base_weight(opt_anchors) + 2 * channel::COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000, + }, Balance::CounterpartyRevokedOutputClaimable { // HTLC 1 + claimable_amount_satoshis: 4_000, + }]), + sorted_vec(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances())); + + mine_transaction(&nodes[1], &claim_txn_2[0]); + let rest_claim_maturity = nodes[1].best_block_info().1 + ANTI_REORG_DELAY - 1; + + assert_eq!(vec![Balance::ClaimableAwaitingConfirmations { + claimable_amount_satoshis: claim_txn_2[0].output[0].value, + confirmation_height: rest_claim_maturity, + }], + nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances()); + + assert!(nodes[1].node.get_and_clear_pending_events().is_empty()); // We shouldn't fail the payment until we spend the output + + connect_blocks(&nodes[1], 5); + expect_payment_failed!(nodes[1], revoked_payment_hash, true); + test_spendable_output(&nodes[1], &claim_txn_2[0]); + assert!(nodes[1].chain_monitor.chain_monitor.get_monitor(funding_outpoint).unwrap().get_claimable_balances().is_empty()); +} diff --git a/lightning/src/ln/reorg_tests.rs b/lightning/src/ln/reorg_tests.rs index cbf920f587d..e4b916c9345 100644 --- a/lightning/src/ln/reorg_tests.rs +++ b/lightning/src/ln/reorg_tests.rs @@ -130,7 +130,8 @@ fn do_test_onchain_htlc_reorg(local_commitment: bool, claim: bool) { assert_eq!(nodes[1].node.get_and_clear_pending_events().len(), 0); if claim { - disconnect_blocks(&nodes[1], ANTI_REORG_DELAY - 2); + // Disconnect Node 1's HTLC-Timeout which was connected above + disconnect_blocks(&nodes[1], ANTI_REORG_DELAY - 1); let block = Block { header: BlockHeader { version: 0x20000000, prev_blockhash: nodes[1].best_block_hash(), merkle_root: TxMerkleNode::all_zeros(), time: 42, bits: 42, nonce: 42 },