Introduce RenegotiatedFunding monitor update variant #3822
Conversation
|
👋 I see @TheBlueMatt was un-assigned. |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #3822 +/- ##
==========================================
- Coverage 89.74% 89.62% -0.13%
==========================================
Files 164 164
Lines 133079 133290 +211
Branches 133079 133290 +211
==========================================
+ Hits 119437 119459 +22
- Misses 10960 11141 +181
- Partials 2682 2690 +8 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
👋 The first review has been submitted! Do you think this PR is ready for a second reviewer? If so, click here to assign a second reviewer. |
wpaulino
force-pushed
the
renegotiated-funding-monitor-update
branch
from
6c78591 to
ac8c8c5
Compare
wpaulino
force-pushed
the
renegotiated-funding-monitor-update
branch
from
ac8c8c5 to
5f0709f
Compare
|
🔔 1st Reminder Hey @TheBlueMatt @jkczyz! This PR has been waiting for your review. |
| @@ -1677,7 +1677,33 @@ impl<SP: Deref> Channel<SP> where | |||
| res | |||
| }, | |||
| ChannelPhase::Funded(mut funded_channel) => { | |||
| let res = funded_channel.commitment_signed(msg, logger).map(|monitor_update_opt| (None, monitor_update_opt)); | |||
| #[cfg(splicing)] | |||
There was a problem hiding this comment.
Sheesh, is it too late to make this a new damn message? We now have three totally separate handling logic for commitment_signed, and this one doesn't even make any sense - we're receiving a single commitment_signed but we actually need two if we were in a normal state...
There was a problem hiding this comment.
Sheesh, is it too late to make this a new damn message?
Probably not? Would be a trivial thing to change, but it would basically be a copy of the commitment_signed message.
this one doesn't even make any sense - we're receiving a single commitment_signed but we actually need two if we were in a normal state...
I'm not following, what do you mean by "normal state"? This is handling the case where we haven't finished negotiating a splice transaction. We expect a single commitment_signed to be exchanged for the alternative commitments at the current commitment number. After the negotiation finishes, if we're expecting a batch and they didn't send it, we'll fail the channel. If we're not expecting a batch and they did send it, we'll also fail the channel.
lightning/src/ln/channel.rs
Outdated
| pending_splice_funding, &self.holder_commitment_point, msg, logger, | ||
| )?; | ||
|
|
||
| let counterparty_commitment_tx = self.context.build_commitment_transaction( |
There was a problem hiding this comment.
Bleh, we already build the commitment tx in validate_commitment_signed, lets not do it again.
There was a problem hiding this comment.
We need to build both, validate_commitment_signed builds the holder one, this builds the counterparty one
wpaulino
force-pushed
the
renegotiated-funding-monitor-update
branch
from
5f0709f to
689d0c1
Compare
wpaulino
force-pushed
the
renegotiated-funding-monitor-update
branch
from
689d0c1 to
4a38fd2
Compare
|
🔔 2nd Reminder Hey @TheBlueMatt @jkczyz! This PR has been waiting for your review. |
|
🔔 3rd Reminder Hey @TheBlueMatt @jkczyz! This PR has been waiting for your review. |
|
🔔 1st Reminder Hey @TheBlueMatt @jkczyz! This PR has been waiting for your review. |
wpaulino
force-pushed
the
renegotiated-funding-monitor-update
branch
from
4a38fd2 to
b274f78
Compare
| for (alternative_htlc, (htlc, _)) in | ||
| alternative_htlcs.iter().zip(htlcs_with_sources.iter_mut()) | ||
| { | ||
| debug_assert!(htlc.transaction_output_index.is_some()); |
There was a problem hiding this comment.
The transaction_output_index.is_some() checks are more of an internal assertion, since there's a guarantee that CommitmentTransaction::nondust_htlcs returns HTLCs with their indices populated. The is_data_equal check should definitely return an error though.
| debug_assert!(alternative_htlc.transaction_output_index.is_some()); | ||
| debug_assert!(alternative_htlc.is_data_equal(htlc)); | ||
| htlc.transaction_output_index = alternative_htlc.transaction_output_index; | ||
| } |
There was a problem hiding this comment.
Should we further check that all alternative htlcs that were not considered have no output index?
There was a problem hiding this comment.
The alternative HTLCs (coming from the alternative counterparty commitment transaction) are non-dust only. The other HTLC data is coming from counterparty_claimable_outpoints which has already gone through validation.
|
Needs rebase, it seems. |
wpaulino
force-pushed
the
renegotiated-funding-monitor-update
branch
from
b274f78 to
a201837
Compare
wpaulino
requested review from
TheBlueMatt and
tankyleo
and removed request for
jkczyz
| msg, | ||
| logger, | ||
| )?; | ||
| let counterparty_commitment_tx = self |
There was a problem hiding this comment.
We just built the commitment tx in validate_commitment_signed, let's not re-build it here.
There was a problem hiding this comment.
They're not the same transaction, one is the holder and the other the counterparty
There was a problem hiding this comment.
Hmm, okay this could use some comments, I think. So when we go to splice we (a) negotiate the new funding, then (b) exchange commitment_signed messages, then (c) exchange our new-funding-tx signatures.
AFAIU, the intent is that we'll update both the local and remote commitment txn after we receive the peer's commitment_signed at the end of (b), with a monitor update blocker preventing us from going to (c). This saves the extra monitor update when sending the commitment_signed at the start of (b). But ultimately we should have a comment, IMO, describing that the commitment_signed we sent at the top of (b) and the commitment we generate here are guaranteed to be identical (because we pause the state machine until we finish (c), I imagine?)
This is a new `ChannelMonitorUpdateStep` variant intended to be used whenever a new funding transaction for the channel has been negotiated via the `InteractiveTxConstructor`. This commit primarily focuses on its use for splices, but future work will expand where needed to support RBFs (both for the initial dual funding transaction, and splice transactions). To draw a parallel to channel open, we generally want to have the commitment transactions negotiated for the funding transaction and committed to the respective `ChannelMonitor` before attempting to sign the funding transaction itself. This monitor update fulfills this need for a newly negotiated splice; it includes both the new holder and counterparty commitment transactions, and the new set of applicable `ChannelTransactionParameters`. Once the monitor update has been applied to the monitor and persisted, we allow the release of our `tx_signatures` for the splice transaction to wait for its confirmation.
wpaulino
force-pushed
the
renegotiated-funding-monitor-update
branch
from
a201837 to
a94ac4c
Compare
This is a new
ChannelMonitorUpdateStepvariant intended to be used whenever a new funding transaction for the channel has been negotiated via theInteractiveTxConstructor. This commit primarily focuses on its use for splices, but future work will expand where needed to support RBFs (both for the initial dual funding transaction, and splice transactions).To draw a parallel to channel open, we generally want to have the commitment transactions negotiated for the funding transaction and committed to the respective
ChannelMonitorbefore attempting to sign the funding transaction itself. This monitor update fulfills this need for a newly negotiated splice; it includes both the new holder and counterparty commitment transactions, and the new set of applicableChannelTransactionParameters. Once the monitor update has been applied to the monitor and persisted, we allow the release of ourtx_signaturesfor the splice transaction to wait for its confirmation.Depends on #3774.