Create a single P2A anchor on commitment transactions in 0FC channels #4053
Conversation
|
👋 Thanks for assigning @TheBlueMatt as a reviewer! |
|
Still owe some tests, but here's the API I currently have in mind. |
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #4053 +/- ##
========================================
Coverage 88.76% 88.76%
========================================
Files 176 176
Lines 129357 129611 +254
Branches 129357 129611 +254
========================================
+ Hits 114823 115051 +228
- Misses 11929 11953 +24
- Partials 2605 2607 +2
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
| // We populate this field for downgrades | ||
| self.initial_counterparty_commitment_info = Some((commitment_tx.per_commitment_point(), | ||
| commitment_tx.feerate_per_kw(), commitment_tx.to_broadcaster_value_sat(), commitment_tx.to_countersignatory_value_sat())); | ||
| // Only populate `initial_counterparty_commitment_info` in non-0FC channels |
There was a problem hiding this comment.
Can you update the comment on initial_counterparty_commitment_info now that its not always set?
lightning/src/ln/chan_utils.rs
Outdated
| @@ -1578,6 +1586,7 @@ impl Writeable for CommitmentTransaction { | |||
| (8, self.keys, required), | |||
| (10, self.built, required), | |||
| (12, self.nondust_htlcs, required_vec), | |||
| (13, self.trimmed_sum_sat, option), | |||
There was a problem hiding this comment.
Hmm? The commit messages is wrong, this should be even to make sure old clients fail to deserialize.
There was a problem hiding this comment.
Discussed offline: old clients will fail to deserialize when they read the unknown 0FC feature bit in the channel_type_features member.
lightning/src/ln/chan_utils.rs
Outdated
| @@ -1538,6 +1544,8 @@ pub struct CommitmentTransaction { | |||
| // The set of non-dust HTLCs included in the commitment. They must be sorted in increasing | |||
| // output index order. | |||
| nondust_htlcs: Vec<HTLCOutputInCommitment>, | |||
| // The sum of the values of all outputs that were trimmed to fees | |||
| trimmed_sum_sat: Option<Amount>, // Added in 0.2 | |||
There was a problem hiding this comment.
ISTM this doesn't have to be an Option - just default to 0 if it isn't there on load and skip writing if its zero (which we need to do anyway as the current constructor will always set Some and so we'll currently always write).
lightning/src/ln/channel.rs
Outdated
| @@ -11859,7 +11859,9 @@ where | |||
| } | |||
| self.context.resend_order = RAACommitmentOrder::RevokeAndACKFirst; | |||
|
|
|||
| let update = if self.pending_funding.is_empty() { | |||
| let update = if self.pending_funding.is_empty() | |||
| && !self.funding.get_channel_type().supports_anchor_zero_fee_commitments() | |||
There was a problem hiding this comment.
I mean, that's fine, but why bother? Is it just to push migration faster by using the new type for cases where we know no downgrade is possible anyway?
There was a problem hiding this comment.
Mentioned offline: LatestCounterpartyCommitmentTXInfo does not include enough information to build a 0FC commitment transaction from it, as is done in ChannelMonitor.counterparty_commitment_txs_from_update. We have to use the LatestCounterpartyCommitment variant.
lightning/src/ln/chan_utils.rs
Outdated
| @@ -1538,6 +1544,8 @@ pub struct CommitmentTransaction { | |||
| // The set of non-dust HTLCs included in the commitment. They must be sorted in increasing | |||
| // output index order. | |||
| nondust_htlcs: Vec<HTLCOutputInCommitment>, | |||
There was a problem hiding this comment.
While we're here can we rename the feerate_per_kw field/accessor method in CommitmentTransaction to negotiated_feerate_per_kw or so? Its confusing that it does not actually refer to the feerate that the commitment transaction has (even if that already was true due to dust rounding).
|
👋 The first review has been submitted! Do you think this PR is ready for a second reviewer? If so, click here to assign a second reviewer. |
tankyleo
force-pushed
the
2025-09-p2a-anchor
branch
from
f4f603a to
d14ea23
Compare
tankyleo
force-pushed
the
2025-09-p2a-anchor
branch
from
d14ea23 to
889ca0b
Compare
|
Squashed, some small edits to the commit messages, no code changes. |
Zero-fee commitment channels replace today's existing `to_local_anchor` and `to_remote_anchor` outputs with a single `shared_anchor` output. Co-authored-by: Matt Corallo <[email protected]>
Use `negotiated_feerate_per_kw()` to underscore that this is the feerate we negotiated with our peer, not the actual feerate of the commitment transaction. The feerate of the actual commitment transaction may be higher.
Co-authored-by: Matt Corallo <[email protected]>
tankyleo
force-pushed
the
2025-09-p2a-anchor
branch
from
889ca0b to
1cef4c3
Compare
|
@TheBlueMatt sorry for the rugpull here I looked at the dev branch Carla shared, and turns out |
|
🔔 1st Reminder Hey @TheBlueMatt @wpaulino! This PR has been waiting for your review. |
1 similar comment
|
🔔 1st Reminder Hey @TheBlueMatt @wpaulino! This PR has been waiting for your review. |
Co-authored-by: Matt Corallo <[email protected]>
tankyleo
force-pushed
the
2025-09-p2a-anchor
branch
from
0a0306e to
538c4cc
Compare
![graphite-app[bot]](https://avatars.githubusercontent.com/in/158384?s=60&v=4){kind=small}
| // These subtractions panic on underflow, but this should never happen | ||
| let trimmed_sum_sat = channel_value_satoshis - nondust_htlcs_value_sum_sat - to_broadcaster_value_sat - to_countersignatory_value_sat; |
There was a problem hiding this comment.
The subtraction operation here could potentially panic if the sum of the values being subtracted exceeds channel_value_satoshis. While the comment acknowledges this shouldn't happen, it would be safer to use checked arithmetic or validate the constraint before performing the subtraction to prevent a potential DoS vulnerability in edge cases.
Consider using checked_sub or similar methods to handle this gracefully:
let trimmed_sum_sat = channel_value_satoshis
.checked_sub(nondust_htlcs_value_sum_sat)
.and_then(|result| result.checked_sub(to_broadcaster_value_sat))
.and_then(|result| result.checked_sub(to_countersignatory_value_sat))
.unwrap_or(Amount::ZERO); // Or handle the error case appropriatelyThis would make the code more robust against unexpected inputs while maintaining the same functionality.
| // These subtractions panic on underflow, but this should never happen | |
| let trimmed_sum_sat = channel_value_satoshis - nondust_htlcs_value_sum_sat - to_broadcaster_value_sat - to_countersignatory_value_sat; | |
| // Use checked subtraction to avoid potential panics | |
| let trimmed_sum_sat = channel_value_satoshis | |
| .checked_sub(nondust_htlcs_value_sum_sat) | |
| .and_then(|result| result.checked_sub(to_broadcaster_value_sat)) | |
| .and_then(|result| result.checked_sub(to_countersignatory_value_sat)) | |
| .unwrap_or_else(|| { | |
| // This should never happen, but we handle it gracefully instead of panicking | |
| debug_assert!(false, "Channel value calculation underflowed"); | |
| 0 | |
| }); |
Spotted by Diamond
Is this helpful? React 👍 or 👎 to let us know.
Part of #3789