lightningdevkit
diff --git a/‎lightning/src/chain/channelmonitor.rs
+112-54 b/‎lightning/src/chain/channelmonitor.rs
+112-54
diff --git a/‎lightning/src/chain/onchaintx.rs
+19 b/‎lightning/src/chain/onchaintx.rs
+19
@@ -2666,18 +2666,59 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 		}
 	}
 
-	fn broadcast_latest_holder_commitment_txn<B: Deref, L: Deref>(&mut self, broadcaster: &B, logger: &WithChannelMonitor<L>)
-		where B::Target: BroadcasterInterface,
-			L::Target: Logger,
-	{
-		let commit_txs = self.get_latest_holder_commitment_txn(logger);
-		let mut txs = vec![];
-		for tx in commit_txs.iter() {
-			log_info!(logger, "Broadcasting local {}", log_tx!(tx));
-			txs.push(tx);
-		}
-		broadcaster.broadcast_transactions(&txs);
+	fn generate_claimable_outpoints_and_watch_outputs(&mut self) -> (Vec<PackageTemplate>, Vec<TransactionOutputs>) {
+		let funding_outp = HolderFundingOutput::build(
+			self.funding_redeemscript.clone(),
+			self.channel_value_satoshis,
+			self.onchain_tx_handler.channel_type_features().clone()
+		);
+		let commitment_package = PackageTemplate::build_package(
+			self.funding_info.0.txid.clone(), self.funding_info.0.index as u32,
+			PackageSolvingData::HolderFundingOutput(funding_outp),
+			self.best_block.height(), self.best_block.height()
+		);
+		let mut claimable_outpoints = vec![commitment_package];
 		self.pending_monitor_events.push(MonitorEvent::HolderForceClosed(self.funding_info.0));
+		// Although we aren't signing the transaction directly here, the transaction will be signed
+		// in the claim that is queued to OnchainTxHandler. We set holder_tx_signed here to reject
+		// new channel updates.
+		self.holder_tx_signed = true;
+		let mut watch_outputs = Vec::new();
+		// We can't broadcast our HTLC transactions while the commitment transaction is
+		// unconfirmed. We'll delay doing so until we detect the confirmed commitment in
+		// `transactions_confirmed`.
+		if !self.onchain_tx_handler.channel_type_features().supports_anchors_zero_fee_htlc_tx() {
+			// Because we're broadcasting a commitment transaction, we should construct the package
+			// assuming it gets confirmed in the next block. Sadly, we have code which considers
+			// "not yet confirmed" things as discardable, so we cannot do that here.
+			let (mut new_outpoints, _) = self.get_broadcasted_holder_claims(
+				&self.current_holder_commitment_tx, self.best_block.height()
+			);
+			let unsigned_commitment_tx = self.onchain_tx_handler.get_unsigned_holder_commitment_tx();
+			let new_outputs = self.get_broadcasted_holder_watch_outputs(
+				&self.current_holder_commitment_tx, &unsigned_commitment_tx
+			);
+			if !new_outputs.is_empty() {
+				watch_outputs.push((self.current_holder_commitment_tx.txid.clone(), new_outputs));
+			}
+			claimable_outpoints.append(&mut new_outpoints);
+		}
+		(claimable_outpoints, watch_outputs)
+	}
+
+	pub(crate) fn queue_latest_holder_commitment_txn_for_broadcast<B: Deref, F: Deref, L: Deref>(
+		&mut self, broadcaster: &B, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &WithChannelMonitor<L>
+	)
+	where
+		B::Target: BroadcasterInterface,
+		F::Target: FeeEstimator,
+		L::Target: Logger,
+	{
+		let (claimable_outpoints, _) = self.generate_claimable_outpoints_and_watch_outputs();
+		self.onchain_tx_handler.update_claims_view_from_requests(
+			claimable_outpoints, self.best_block.height(), self.best_block.height(), broadcaster,
+			fee_estimator, logger
+		);
 	}
 
 	fn update_monitor<B: Deref, F: Deref, L: Deref>(
@@ -2767,26 +2808,7 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 							log_trace!(logger, "Avoiding commitment broadcast, already detected confirmed spend onchain");
 							continue;
 						}
-						self.broadcast_latest_holder_commitment_txn(broadcaster, logger);
-						// If the channel supports anchor outputs, we'll need to emit an external
-						// event to be consumed such that a child transaction is broadcast with a
-						// high enough feerate for the parent commitment transaction to confirm.
-						if self.onchain_tx_handler.channel_type_features().supports_anchors_zero_fee_htlc_tx() {
-							let funding_output = HolderFundingOutput::build(
-								self.funding_redeemscript.clone(), self.channel_value_satoshis,
-								self.onchain_tx_handler.channel_type_features().clone(),
-							);
-							let best_block_height = self.best_block.height();
-							let commitment_package = PackageTemplate::build_package(
-								self.funding_info.0.txid.clone(), self.funding_info.0.index as u32,
-								PackageSolvingData::HolderFundingOutput(funding_output),
-								best_block_height, best_block_height
-							);
-							self.onchain_tx_handler.update_claims_view_from_requests(
-								vec![commitment_package], best_block_height, best_block_height,
-								broadcaster, &bounded_fee_estimator, logger,
-							);
-						}
+						self.queue_latest_holder_commitment_txn_for_broadcast(broadcaster, &bounded_fee_estimator, logger);
 					} else if !self.holder_tx_signed {
 						log_error!(logger, "WARNING: You have a potentially-unsafe holder commitment transaction available to broadcast");
 						log_error!(logger, "    in channel monitor for channel {}!", &self.funding_info.0.to_channel_id());
@@ -3363,6 +3385,58 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 		}
 	}
 
+	/// Cancels any existing pending claims for a commitment that previously confirmed and has now
+	/// been replaced by another.
+	pub fn cancel_prev_commitment_claims<L: Deref>(
+		&mut self, logger: &L, confirmed_commitment_txid: &Txid
+	) where L::Target: Logger {
+		for (counterparty_commitment_txid, _) in &self.counterparty_commitment_txn_on_chain {
+			// Cancel any pending claims for counterparty commitments we've seen confirm.
+			if counterparty_commitment_txid == confirmed_commitment_txid {
+				continue;
+			}
+			for (htlc, _) in self.counterparty_claimable_outpoints.get(counterparty_commitment_txid).unwrap_or(&vec![]) {
+				log_trace!(logger, "Canceling claims for previously confirmed counterparty commitment {}",
+					counterparty_commitment_txid);
+				let mut outpoint = BitcoinOutPoint { txid: *counterparty_commitment_txid, vout: 0 };
+				if let Some(vout) = htlc.transaction_output_index {
+					outpoint.vout = vout;
+					self.onchain_tx_handler.abandon_claim(&outpoint);
+				}
+			}
+		}
+		if self.holder_tx_signed {
+			// If we've signed, we may have broadcast either commitment (prev or current), and
+			// attempted to claim from it immediately without waiting for a confirmation.
+			if self.current_holder_commitment_tx.txid != *confirmed_commitment_txid {
+				log_trace!(logger, "Canceling claims for previously broadcast holder commitment {}",
+					self.current_holder_commitment_tx.txid);
+				let mut outpoint = BitcoinOutPoint { txid: self.current_holder_commitment_tx.txid, vout: 0 };
+				for (htlc, _, _) in &self.current_holder_commitment_tx.htlc_outputs {
+					if let Some(vout) = htlc.transaction_output_index {
+						outpoint.vout = vout;
+						self.onchain_tx_handler.abandon_claim(&outpoint);
+					}
+				}
+			}
+			if let Some(prev_holder_commitment_tx) = &self.prev_holder_signed_commitment_tx {
+				if prev_holder_commitment_tx.txid != *confirmed_commitment_txid {
+					log_trace!(logger, "Canceling claims for previously broadcast holder commitment {}",
+						prev_holder_commitment_tx.txid);
+					let mut outpoint = BitcoinOutPoint { txid: prev_holder_commitment_tx.txid, vout: 0 };
+					for (htlc, _, _) in &prev_holder_commitment_tx.htlc_outputs {
+						if let Some(vout) = htlc.transaction_output_index {
+							outpoint.vout = vout;
+							self.onchain_tx_handler.abandon_claim(&outpoint);
+						}
+					}
+				}
+			}
+		} else {
+			// No previous claim.
+		}
+	}
+
 	fn get_latest_holder_commitment_txn<L: Deref>(
 		&mut self, logger: &WithChannelMonitor<L>,
 	) -> Vec<Transaction> where L::Target: Logger {
@@ -3578,6 +3652,10 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 							commitment_tx_to_counterparty_output,
 						},
 					});
+					// Now that we've detected a confirmed commitment transaction, attempt to cancel
+					// pending claims for any commitments that were previously confirmed such that
+					// we don't continue claiming inputs that no longer exist.
+					self.cancel_prev_commitment_claims(&logger, &txid);
 				}
 			}
 			if tx.input.len() >= 1 {
@@ -3643,29 +3721,9 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 
 		let should_broadcast = self.should_broadcast_holder_commitment_txn(logger);
 		if should_broadcast {
-			let funding_outp = HolderFundingOutput::build(self.funding_redeemscript.clone(), self.channel_value_satoshis, self.onchain_tx_handler.channel_type_features().clone());
-			let commitment_package = PackageTemplate::build_package(self.funding_info.0.txid.clone(), self.funding_info.0.index as u32, PackageSolvingData::HolderFundingOutput(funding_outp), self.best_block.height(), self.best_block.height());
-			claimable_outpoints.push(commitment_package);
-			self.pending_monitor_events.push(MonitorEvent::HolderForceClosed(self.funding_info.0));
-			// Although we aren't signing the transaction directly here, the transaction will be signed
-			// in the claim that is queued to OnchainTxHandler. We set holder_tx_signed here to reject
-			// new channel updates.
-			self.holder_tx_signed = true;
-			// We can't broadcast our HTLC transactions while the commitment transaction is
-			// unconfirmed. We'll delay doing so until we detect the confirmed commitment in
-			// `transactions_confirmed`.
-			if !self.onchain_tx_handler.channel_type_features().supports_anchors_zero_fee_htlc_tx() {
-				// Because we're broadcasting a commitment transaction, we should construct the package
-				// assuming it gets confirmed in the next block. Sadly, we have code which considers
-				// "not yet confirmed" things as discardable, so we cannot do that here.
-				let (mut new_outpoints, _) = self.get_broadcasted_holder_claims(&self.current_holder_commitment_tx, self.best_block.height());
-				let unsigned_commitment_tx = self.onchain_tx_handler.get_unsigned_holder_commitment_tx();
-				let new_outputs = self.get_broadcasted_holder_watch_outputs(&self.current_holder_commitment_tx, &unsigned_commitment_tx);
-				if !new_outputs.is_empty() {
-					watch_outputs.push((self.current_holder_commitment_tx.txid.clone(), new_outputs));
-				}
-				claimable_outpoints.append(&mut new_outpoints);
-			}
+			let (mut new_outpoints, mut new_outputs) = self.generate_claimable_outpoints_and_watch_outputs();
+			claimable_outpoints.append(&mut new_outpoints);
+			watch_outputs.append(&mut new_outputs);
 		}
 
 		// Find which on-chain events have reached their confirmation threshold.
 
@@ -676,6 +676,25 @@ impl<ChannelSigner: WriteableEcdsaChannelSigner> OnchainTxHandler<ChannelSigner>
 		None
 	}
 
+	pub fn abandon_claim(&mut self, outpoint: &BitcoinOutPoint) {
+		let claim_id = self.claimable_outpoints.get(outpoint).map(|(claim_id, _)| *claim_id)
+			.or_else(|| {
+				self.pending_claim_requests.iter()
+					.find(|(_, claim)| claim.outpoints().iter().any(|claim_outpoint| *claim_outpoint == outpoint))
+					.map(|(claim_id, _)| *claim_id)
+			});
+		if let Some(claim_id) = claim_id {
+			if let Some(claim) = self.pending_claim_requests.remove(&claim_id) {
+				for outpoint in claim.outpoints() {
+					self.claimable_outpoints.remove(&outpoint);
+				}
+			}
+		} else {
+			self.locktimed_packages.values_mut().for_each(|claims|
+				claims.retain(|claim| !claim.outpoints().iter().any(|claim_outpoint| *claim_outpoint == outpoint)));
+		}
+	}
+
 	/// Upon channelmonitor.block_connected(..) or upon provision of a preimage on the forward link
 	/// for this channel, provide new relevant on-chain transactions and/or new claim requests.
 	/// Together with `update_claims_view_from_matched_txn` this used to be named