Skip to content

Commit 8b4cb9f

Browse files
authored
Merge pull request #316 from TheBlueMatt/2019-03-removed-reserve-check
Fix remote reserve check with inbound claims-in-flight
2 parents bb094f1 + 054530c commit 8b4cb9f

File tree

3 files changed

+200
-25
lines changed

3 files changed

+200
-25
lines changed

src/ln/channel.rs

Lines changed: 25 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -881,9 +881,14 @@ impl Channel {
881881
}
882882
}
883883

884-
885884
let value_to_self_msat: i64 = (self.value_to_self_msat - local_htlc_total_msat) as i64 + value_to_self_msat_offset;
886-
let value_to_remote_msat: i64 = (self.channel_value_satoshis * 1000 - self.value_to_self_msat - remote_htlc_total_msat) as i64 - value_to_self_msat_offset;
885+
assert!(value_to_self_msat >= 0);
886+
// Note that in case they have several just-awaiting-last-RAA fulfills in-progress (ie
887+
// AwaitingRemoteRevokeToRemove or AwaitingRemovedRemoteRevoke) we may have allowed them to
888+
// "violate" their reserve value by couting those against it. Thus, we have to convert
889+
// everything to i64 before subtracting as otherwise we can overflow.
890+
let value_to_remote_msat: i64 = (self.channel_value_satoshis * 1000) as i64 - (self.value_to_self_msat as i64) - (remote_htlc_total_msat as i64) - value_to_self_msat_offset;
891+
assert!(value_to_remote_msat >= 0);
887892

888893
#[cfg(debug_assertions)]
889894
{
@@ -1595,7 +1600,24 @@ impl Channel {
15951600
// Check our_channel_reserve_satoshis (we're getting paid, so they have to at least meet
15961601
// the reserve_satoshis we told them to always have as direct payment so that they lose
15971602
// something if we punish them for broadcasting an old state).
1598-
if htlc_inbound_value_msat + msg.amount_msat + self.value_to_self_msat > (self.channel_value_satoshis - Channel::get_our_channel_reserve_satoshis(self.channel_value_satoshis)) * 1000 {
1603+
// Note that we don't really care about having a small/no to_remote output in our local
1604+
// commitment transactions, as the purpose of the channel reserve is to ensure we can
1605+
// punish *them* if they misbehave, so we discount any outbound HTLCs which will not be
1606+
// present in the next commitment transaction we send them (at least for fulfilled ones,
1607+
// failed ones won't modify value_to_self).
1608+
// Note that we will send HTLCs which another instance of rust-lightning would think
1609+
// violate the reserve value if we do not do this (as we forget inbound HTLCs from the
1610+
// Channel state once they will not be present in the next received commitment
1611+
// transaction).
1612+
let mut removed_outbound_total_msat = 0;
1613+
for ref htlc in self.pending_outbound_htlcs.iter() {
1614+
if let OutboundHTLCState::AwaitingRemoteRevokeToRemove(None) = htlc.state {
1615+
removed_outbound_total_msat += htlc.amount_msat;
1616+
} else if let OutboundHTLCState::AwaitingRemovedRemoteRevoke(None) = htlc.state {
1617+
removed_outbound_total_msat += htlc.amount_msat;
1618+
}
1619+
}
1620+
if htlc_inbound_value_msat + msg.amount_msat + self.value_to_self_msat > (self.channel_value_satoshis - Channel::get_our_channel_reserve_satoshis(self.channel_value_satoshis)) * 1000 + removed_outbound_total_msat {
15991621
return Err(ChannelError::Close("Remote HTLC add would put them over their reserve value"));
16001622
}
16011623
if self.next_remote_htlc_id != msg.htlc_id {

src/ln/functional_test_utils.rs

Lines changed: 28 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -542,6 +542,33 @@ macro_rules! expect_pending_htlcs_forwardable {
542542
}}
543543
}
544544

545+
macro_rules! expect_payment_received {
546+
($node: expr, $expected_payment_hash: expr, $expected_recv_value: expr) => {
547+
let events = $node.node.get_and_clear_pending_events();
548+
assert_eq!(events.len(), 1);
549+
match events[0] {
550+
Event::PaymentReceived { ref payment_hash, amt } => {
551+
assert_eq!($expected_payment_hash, *payment_hash);
552+
assert_eq!($expected_recv_value, amt);
553+
},
554+
_ => panic!("Unexpected event"),
555+
}
556+
}
557+
}
558+
559+
macro_rules! expect_payment_sent {
560+
($node: expr, $expected_payment_preimage: expr) => {
561+
let events = $node.node.get_and_clear_pending_events();
562+
assert_eq!(events.len(), 1);
563+
match events[0] {
564+
Event::PaymentSent { ref payment_preimage } => {
565+
assert_eq!($expected_payment_preimage, *payment_preimage);
566+
},
567+
_ => panic!("Unexpected event"),
568+
}
569+
}
570+
}
571+
545572
pub fn send_along_route_with_hash(origin_node: &Node, route: Route, expected_route: &[&Node], recv_value: u64, our_payment_hash: PaymentHash) {
546573
let mut payment_event = {
547574
origin_node.node.send_payment(route, our_payment_hash).unwrap();
@@ -664,14 +691,7 @@ pub fn claim_payment_along_route(origin_node: &Node, expected_route: &[&Node], s
664691

665692
if !skip_last {
666693
last_update_fulfill_dance!(origin_node, expected_route.first().unwrap());
667-
let events = origin_node.node.get_and_clear_pending_events();
668-
assert_eq!(events.len(), 1);
669-
match events[0] {
670-
Event::PaymentSent { payment_preimage } => {
671-
assert_eq!(payment_preimage, our_payment_preimage);
672-
},
673-
_ => panic!("Unexpected event"),
674-
}
694+
expect_payment_sent!(origin_node, our_payment_preimage);
675695
}
676696
}
677697

@@ -935,20 +955,6 @@ pub fn get_announce_close_broadcast_events(nodes: &Vec<Node>, a: usize, b: usize
935955
}
936956
}
937957

938-
macro_rules! expect_payment_received {
939-
($node: expr, $expected_payment_hash: expr, $expected_recv_value: expr) => {
940-
let events = $node.node.get_and_clear_pending_events();
941-
assert_eq!(events.len(), 1);
942-
match events[0] {
943-
Event::PaymentReceived { ref payment_hash, amt } => {
944-
assert_eq!($expected_payment_hash, *payment_hash);
945-
assert_eq!($expected_recv_value, amt);
946-
},
947-
_ => panic!("Unexpected event"),
948-
}
949-
}
950-
}
951-
952958
macro_rules! get_channel_value_stat {
953959
($node: expr, $channel_id: expr) => {{
954960
let chan_lock = $node.node.channel_state.lock().unwrap();

src/ln/functional_tests.rs

Lines changed: 147 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1450,6 +1450,153 @@ fn channel_reserve_test() {
14501450
do_channel_reserve_test(true);
14511451
}
14521452

1453+
#[test]
1454+
fn channel_reserve_in_flight_removes() {
1455+
// In cases where one side claims an HTLC, it thinks it has additional available funds that it
1456+
// can send to its counterparty, but due to update ordering, the other side may not yet have
1457+
// considered those HTLCs fully removed.
1458+
// This tests that we don't count HTLCs which will not be included in the next remote
1459+
// commitment transaction towards the reserve value (as it implies no commitment transaction
1460+
// will be generated which violates the remote reserve value).
1461+
// This was broken previously, and discovered by the chanmon_fail_consistency fuzz test.
1462+
// To test this we:
1463+
// * route two HTLCs from A to B (note that, at a high level, this test is checking that, when
1464+
// you consider the values of both of these HTLCs, B may not send an HTLC back to A, but if
1465+
// you only consider the value of the first HTLC, it may not),
1466+
// * start routing a third HTLC from A to B,
1467+
// * claim the first two HTLCs (though B will generate an update_fulfill for one, and put
1468+
// the other claim in its holding cell, as it immediately goes into AwaitingRAA),
1469+
// * deliver the first fulfill from B
1470+
// * deliver the update_add and an RAA from A, resulting in B freeing the second holding cell
1471+
// claim,
1472+
// * deliver A's response CS and RAA.
1473+
// This results in A having the second HTLC in AwaitingRemovedRemoteRevoke, but B having
1474+
// removed it fully. B now has the push_msat plus the first two HTLCs in value.
1475+
// * Now B happily sends another HTLC, potentially violating its reserve value from A's point
1476+
// of view (if A counts the AwaitingRemovedRemoteRevoke HTLC).
1477+
let mut nodes = create_network(2);
1478+
let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1);
1479+
1480+
let b_chan_values = get_channel_value_stat!(nodes[1], chan_1.2);
1481+
// Route the first two HTLCs.
1482+
let (payment_preimage_1, _) = route_payment(&nodes[0], &[&nodes[1]], b_chan_values.channel_reserve_msat - b_chan_values.value_to_self_msat - 10000);
1483+
let (payment_preimage_2, _) = route_payment(&nodes[0], &[&nodes[1]], 20000);
1484+
1485+
// Start routing the third HTLC (this is just used to get everyone in the right state).
1486+
let (payment_preimage_3, payment_hash_3) = get_payment_preimage_hash!(nodes[0]);
1487+
let send_1 = {
1488+
let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 100000, TEST_FINAL_CLTV).unwrap();
1489+
nodes[0].node.send_payment(route, payment_hash_3).unwrap();
1490+
check_added_monitors!(nodes[0], 1);
1491+
let mut events = nodes[0].node.get_and_clear_pending_msg_events();
1492+
assert_eq!(events.len(), 1);
1493+
SendEvent::from_event(events.remove(0))
1494+
};
1495+
1496+
// Now claim both of the first two HTLCs on B's end, putting B in AwaitingRAA and generating an
1497+
// initial fulfill/CS.
1498+
assert!(nodes[1].node.claim_funds(payment_preimage_1));
1499+
check_added_monitors!(nodes[1], 1);
1500+
let bs_removes = get_htlc_update_msgs!(nodes[1], nodes[0].node.get_our_node_id());
1501+
1502+
// This claim goes in B's holding cell, allowing us to have a pending B->A RAA which does not
1503+
// remove the second HTLC when we send the HTLC back from B to A.
1504+
assert!(nodes[1].node.claim_funds(payment_preimage_2));
1505+
check_added_monitors!(nodes[1], 1);
1506+
assert!(nodes[1].node.get_and_clear_pending_msg_events().is_empty());
1507+
1508+
nodes[0].node.handle_update_fulfill_htlc(&nodes[1].node.get_our_node_id(), &bs_removes.update_fulfill_htlcs[0]).unwrap();
1509+
nodes[0].node.handle_commitment_signed(&nodes[1].node.get_our_node_id(), &bs_removes.commitment_signed).unwrap();
1510+
check_added_monitors!(nodes[0], 1);
1511+
let as_raa = get_event_msg!(nodes[0], MessageSendEvent::SendRevokeAndACK, nodes[1].node.get_our_node_id());
1512+
expect_payment_sent!(nodes[0], payment_preimage_1);
1513+
1514+
nodes[1].node.handle_update_add_htlc(&nodes[0].node.get_our_node_id(), &send_1.msgs[0]).unwrap();
1515+
nodes[1].node.handle_commitment_signed(&nodes[0].node.get_our_node_id(), &send_1.commitment_msg).unwrap();
1516+
check_added_monitors!(nodes[1], 1);
1517+
// B is already AwaitingRAA, so cant generate a CS here
1518+
let bs_raa = get_event_msg!(nodes[1], MessageSendEvent::SendRevokeAndACK, nodes[0].node.get_our_node_id());
1519+
1520+
nodes[1].node.handle_revoke_and_ack(&nodes[0].node.get_our_node_id(), &as_raa).unwrap();
1521+
check_added_monitors!(nodes[1], 1);
1522+
let bs_cs = get_htlc_update_msgs!(nodes[1], nodes[0].node.get_our_node_id());
1523+
1524+
nodes[0].node.handle_revoke_and_ack(&nodes[1].node.get_our_node_id(), &bs_raa).unwrap();
1525+
check_added_monitors!(nodes[0], 1);
1526+
let as_cs = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
1527+
1528+
nodes[1].node.handle_commitment_signed(&nodes[0].node.get_our_node_id(), &as_cs.commitment_signed).unwrap();
1529+
check_added_monitors!(nodes[1], 1);
1530+
let bs_raa = get_event_msg!(nodes[1], MessageSendEvent::SendRevokeAndACK, nodes[0].node.get_our_node_id());
1531+
1532+
// The second HTLCis removed, but as A is in AwaitingRAA it can't generate a CS here, so the
1533+
// RAA that B generated above doesn't fully resolve the second HTLC from A's point of view.
1534+
// However, the RAA A generates here *does* fully resolve the HTLC from B's point of view (as A
1535+
// can no longer broadcast a commitment transaction with it and B has the preimage so can go
1536+
// on-chain as necessary).
1537+
nodes[0].node.handle_update_fulfill_htlc(&nodes[1].node.get_our_node_id(), &bs_cs.update_fulfill_htlcs[0]).unwrap();
1538+
nodes[0].node.handle_commitment_signed(&nodes[1].node.get_our_node_id(), &bs_cs.commitment_signed).unwrap();
1539+
check_added_monitors!(nodes[0], 1);
1540+
let as_raa = get_event_msg!(nodes[0], MessageSendEvent::SendRevokeAndACK, nodes[1].node.get_our_node_id());
1541+
expect_payment_sent!(nodes[0], payment_preimage_2);
1542+
1543+
nodes[1].node.handle_revoke_and_ack(&nodes[0].node.get_our_node_id(), &as_raa).unwrap();
1544+
check_added_monitors!(nodes[1], 1);
1545+
assert!(nodes[1].node.get_and_clear_pending_msg_events().is_empty());
1546+
1547+
expect_pending_htlcs_forwardable!(nodes[1]);
1548+
expect_payment_received!(nodes[1], payment_hash_3, 100000);
1549+
1550+
// Note that as this RAA was generated before the delivery of the update_fulfill it shouldn't
1551+
// resolve the second HTLC from A's point of view.
1552+
nodes[0].node.handle_revoke_and_ack(&nodes[1].node.get_our_node_id(), &bs_raa).unwrap();
1553+
check_added_monitors!(nodes[0], 1);
1554+
let as_cs = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
1555+
1556+
// Now that B doesn't have the second RAA anymore, but A still does, send a payment from B back
1557+
// to A to ensure that A doesn't count the almost-removed HTLC in update_add processing.
1558+
let (payment_preimage_4, payment_hash_4) = get_payment_preimage_hash!(nodes[1]);
1559+
let send_2 = {
1560+
let route = nodes[1].router.get_route(&nodes[0].node.get_our_node_id(), None, &[], 10000, TEST_FINAL_CLTV).unwrap();
1561+
nodes[1].node.send_payment(route, payment_hash_4).unwrap();
1562+
check_added_monitors!(nodes[1], 1);
1563+
let mut events = nodes[1].node.get_and_clear_pending_msg_events();
1564+
assert_eq!(events.len(), 1);
1565+
SendEvent::from_event(events.remove(0))
1566+
};
1567+
1568+
nodes[0].node.handle_update_add_htlc(&nodes[1].node.get_our_node_id(), &send_2.msgs[0]).unwrap();
1569+
nodes[0].node.handle_commitment_signed(&nodes[1].node.get_our_node_id(), &send_2.commitment_msg).unwrap();
1570+
check_added_monitors!(nodes[0], 1);
1571+
let as_raa = get_event_msg!(nodes[0], MessageSendEvent::SendRevokeAndACK, nodes[1].node.get_our_node_id());
1572+
1573+
// Now just resolve all the outstanding messages/HTLCs for completeness...
1574+
1575+
nodes[1].node.handle_commitment_signed(&nodes[0].node.get_our_node_id(), &as_cs.commitment_signed).unwrap();
1576+
check_added_monitors!(nodes[1], 1);
1577+
let bs_raa = get_event_msg!(nodes[1], MessageSendEvent::SendRevokeAndACK, nodes[0].node.get_our_node_id());
1578+
1579+
nodes[1].node.handle_revoke_and_ack(&nodes[0].node.get_our_node_id(), &as_raa).unwrap();
1580+
check_added_monitors!(nodes[1], 1);
1581+
1582+
nodes[0].node.handle_revoke_and_ack(&nodes[1].node.get_our_node_id(), &bs_raa).unwrap();
1583+
check_added_monitors!(nodes[0], 1);
1584+
let as_cs = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
1585+
1586+
nodes[1].node.handle_commitment_signed(&nodes[0].node.get_our_node_id(), &as_cs.commitment_signed).unwrap();
1587+
check_added_monitors!(nodes[1], 1);
1588+
let bs_raa = get_event_msg!(nodes[1], MessageSendEvent::SendRevokeAndACK, nodes[0].node.get_our_node_id());
1589+
1590+
nodes[0].node.handle_revoke_and_ack(&nodes[1].node.get_our_node_id(), &bs_raa).unwrap();
1591+
check_added_monitors!(nodes[0], 1);
1592+
1593+
expect_pending_htlcs_forwardable!(nodes[0]);
1594+
expect_payment_received!(nodes[0], payment_hash_4, 10000);
1595+
1596+
claim_payment(&nodes[1], &[&nodes[0]], payment_preimage_4);
1597+
claim_payment(&nodes[0], &[&nodes[1]], payment_preimage_3);
1598+
}
1599+
14531600
#[test]
14541601
fn channel_monitor_network_test() {
14551602
// Simple test which builds a network of ChannelManagers, connects them to each other, and

0 commit comments

Comments
 (0)