Merge pull request #4067 from tankyleo/2025-09-p2a-onchain

Sweep P2A outputs on commitment transactions in 0FC channels

Author: wpaulino

fuzz/src/full_stack.rs

@@ -1048,7 +1048,7 @@ fn two_peer_forwarding_seed() -> Vec<u8> {
 	// our network key
 	ext_from_hex("0100000000000000000000000000000000000000000000000000000000000000", &mut test);
 	// config
-	ext_from_hex("0000000000900000000000000000640001000000000001ffff0000000000000000ffffffffffffffffffffffffffffffff0000000000000000ffffffffffffffff000000ffffffff00ffff1a000400010000020400000000040200000a08ffffffffffffffff000100000000", &mut test);
+	ext_from_hex("000000000090000000000000000064000100000000000100ffff0000000000000000ffffffffffffffffffffffffffffffff0000000000000000ffffffffffffffff000000ffffffff00ffff1a000400010000020400000000040200000a08ffffffffffffffff000100000000", &mut test);
 
 	// new outbound connection with id 0
 	ext_from_hex("00", &mut test);
@@ -1502,7 +1502,7 @@ fn gossip_exchange_seed() -> Vec<u8> {
 	// our network key
 	ext_from_hex("0100000000000000000000000000000000000000000000000000000000000000", &mut test);
 	// config
-	ext_from_hex("0000000000900000000000000000640001000000000001ffff0000000000000000ffffffffffffffffffffffffffffffff0000000000000000ffffffffffffffff000000ffffffff00ffff1a000400010000020400000000040200000a08ffffffffffffffff000100000000", &mut test);
+	ext_from_hex("000000000090000000000000000064000100000000000100ffff0000000000000000ffffffffffffffffffffffffffffffff0000000000000000ffffffffffffffff000000ffffffff00ffff1a000400010000020400000000040200000a08ffffffffffffffff000100000000", &mut test);
 
 	// new outbound connection with id 0
 	ext_from_hex("00", &mut test);

lightning/src/chain/channelmonitor.rs

@@ -2715,6 +2715,7 @@ impl<Signer: EcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 				} else {
 					let funding = get_confirmed_funding_scope!(self);
 					debug_assert!(!funding.channel_type_features().supports_anchors_zero_fee_htlc_tx());
+					debug_assert!(!funding.channel_type_features().supports_anchor_zero_fee_commitments());
 					BitcoinOutPoint::new(*txid, 0)
 				}
 			} else {
@@ -3949,10 +3950,18 @@ impl<Signer: EcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 		// new channel updates.
 		self.holder_tx_signed = true;
 		let mut watch_outputs = Vec::new();
-		// We can't broadcast our HTLC transactions while the commitment transaction is
-		// unconfirmed. We'll delay doing so until we detect the confirmed commitment in
-		// `transactions_confirmed`.
-		if !funding.channel_type_features().supports_anchors_zero_fee_htlc_tx() {
+		// In CSV anchor channels, we can't broadcast our HTLC transactions while the commitment transaction is
+		// unconfirmed.
+		// We'll delay doing so until we detect the confirmed commitment in `transactions_confirmed`.
+		//
+		// TODO: For now in 0FC channels, we also delay broadcasting any HTLC transactions until the commitment
+		// transaction gets confirmed. It is nonetheless possible to add HTLC spends to the P2A spend
+		// transaction while the commitment transaction is still unconfirmed.
+		let zero_fee_htlcs =
+			self.channel_type_features().supports_anchors_zero_fee_htlc_tx();
+		let zero_fee_commitments =
+			self.channel_type_features().supports_anchor_zero_fee_commitments();
+		if !zero_fee_htlcs && !zero_fee_commitments {
 			// Because we're broadcasting a commitment transaction, we should construct the package
 			// assuming it gets confirmed in the next block. Sadly, we have code which considers
 			// "not yet confirmed" things as discardable, so we cannot do that here.
@@ -4416,8 +4425,6 @@ impl<Signer: EcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 						counterparty_node_id,
 						claim_id,
 						package_target_feerate_sat_per_1000_weight,
-						commitment_tx,
-						commitment_tx_fee_satoshis,
 						anchor_descriptor: AnchorDescriptor {
 							channel_derivation_parameters: ChannelDerivationParameters {
 								keys_id: self.channel_keys_id,
@@ -4428,8 +4435,11 @@ impl<Signer: EcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 								txid: commitment_txid,
 								vout: anchor_output_idx,
 							},
+							value: commitment_tx.output[anchor_output_idx as usize].value,
 						},
 						pending_htlcs: pending_nondust_htlcs,
+						commitment_tx,
+						commitment_tx_fee_satoshis,
 					}));
 				},
 				ClaimEvent::BumpHTLC {
@@ -4646,7 +4656,6 @@ impl<Signer: EcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 				if outp.script_pubkey == revokeable_p2wsh {
 					let revk_outp = RevokedOutput::build(
 						per_commitment_point, per_commitment_key, outp.value,
-						funding_spent.channel_type_features().supports_anchors_zero_fee_htlc_tx(),
 						funding_spent.channel_parameters.clone(), height,
 					);
 					let justice_package = PackageTemplate::build_package(
@@ -4859,9 +4868,8 @@ impl<Signer: EcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 			if input.previous_output.txid == *commitment_txid && input.witness.len() == 5 && tx.output.get(idx).is_some() {
 				log_error!(logger, "Got broadcast of revoked counterparty HTLC transaction, spending {}:{}", htlc_txid, idx);
 				let revk_outp = RevokedOutput::build(
-					per_commitment_point, per_commitment_key, tx.output[idx].value, false,
-					funding_spent.channel_parameters.clone(),
-					height,
+					per_commitment_point, per_commitment_key, tx.output[idx].value,
+					self.funding.channel_parameters.clone(), height,
 				);
 				let justice_package = PackageTemplate::build_package(
 					htlc_txid, idx as u32, PackageSolvingData::RevokedOutput(revk_outp),
@@ -5129,9 +5137,22 @@ impl<Signer: EcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 			self.funding.current_holder_commitment_tx.add_holder_sig(&redeem_script, sig)
 		};
 		let mut holder_transactions = vec![commitment_tx];
-		// When anchor outputs are present, the HTLC transactions are only final once the commitment
-		// transaction confirms due to the CSV 1 encumberance.
-		if self.channel_type_features().supports_anchors_zero_fee_htlc_tx() {
+
+		if self.channel_type_features().supports_anchors_zero_fee_htlc_tx()
+			|| self.channel_type_features().supports_anchor_zero_fee_commitments()
+		{
+			// HTLC transactions in these channels require external funding before finalized,
+			// so we return the commitment transaction alone here.
+			//
+			// In 0FC channels, we *could* use HTLC transactions to pay for fees on a
+			// 0FC commitment transaction to save the fixed transaction overhead
+			// (locktime + version), but we would still have to pay for fees using
+			// external UTXOs to avoid invalidating the counterparty HTLC signature.
+			// This is something we would consider in the future.
+			//
+			// Furthermore, we can't broadcast a HTLC claim transaction while the
+			// anchor claim transaction and its parent are still unconfirmed due to the
+			// current single-child restriction on TRUC transactions.
 			return holder_transactions;
 		}
 

lightning/src/chain/onchaintx.rs

@@ -30,7 +30,8 @@ use crate::chain::package::{PackageSolvingData, PackageTemplate};
 use crate::chain::transaction::MaybeSignedTransaction;
 use crate::chain::ClaimId;
 use crate::ln::chan_utils::{
-	self, ChannelTransactionParameters, HTLCOutputInCommitment, HolderCommitmentTransaction,
+	get_keyed_anchor_redeemscript, shared_anchor_script_pubkey, ChannelTransactionParameters,
+	HTLCOutputInCommitment, HolderCommitmentTransaction,
 };
 use crate::ln::msgs::DecodeError;
 use crate::sign::{ecdsa::EcdsaChannelSigner, EntropySource, HTLCDescriptor, SignerProvider};
@@ -677,7 +678,16 @@ impl<ChannelSigner: EcdsaChannelSigner> OnchainTxHandler<ChannelSigner> {
 					let channel_parameters = output.channel_parameters.as_ref()
 						.unwrap_or(self.channel_parameters());
 					let funding_pubkey = &channel_parameters.holder_pubkeys.funding_pubkey;
-					match chan_utils::get_keyed_anchor_output(&tx, funding_pubkey) {
+					let script_pubkey = if channel_parameters.channel_type_features.supports_anchors_zero_fee_htlc_tx() {
+						get_keyed_anchor_redeemscript(funding_pubkey).to_p2wsh()
+					} else {
+						debug_assert!(channel_parameters.channel_type_features.supports_anchor_zero_fee_commitments());
+						shared_anchor_script_pubkey()
+					};
+					let anchor_output = tx.output.iter().enumerate()
+						.find(|(_, txout)| txout.script_pubkey == script_pubkey)
+						.map(|(idx, txout)| (idx as u32, txout));
+					match anchor_output {
 						// An anchor output was found, so we should yield a funding event externally.
 						Some((idx, _)) => {
 							// TODO: Use a lower confirmation target when both our and the

lightning/src/chain/package.rs

@@ -144,7 +144,6 @@ pub(crate) struct RevokedOutput {
 	weight: u64,
 	amount: Amount,
 	on_counterparty_tx_csv: u16,
-	is_counterparty_balance_on_anchors: Option<()>,
 	channel_parameters: Option<ChannelTransactionParameters>,
 	// Added in LDK 0.1.4/0.2 and always set since.
 	outpoint_confirmation_height: Option<u32>,
@@ -154,7 +153,7 @@ impl RevokedOutput {
 	#[rustfmt::skip]
 	pub(crate) fn build(
 		per_commitment_point: PublicKey, per_commitment_key: SecretKey, amount: Amount,
-		is_counterparty_balance_on_anchors: bool, channel_parameters: ChannelTransactionParameters,
+		channel_parameters: ChannelTransactionParameters,
 		outpoint_confirmation_height: u32,
 	) -> Self {
 		let directed_params = channel_parameters.as_counterparty_broadcastable();
@@ -170,7 +169,6 @@ impl RevokedOutput {
 			weight: WEIGHT_REVOKED_OUTPUT,
 			amount,
 			on_counterparty_tx_csv,
-			is_counterparty_balance_on_anchors: if is_counterparty_balance_on_anchors { Some(()) } else { None },
 			channel_parameters: Some(channel_parameters),
 			outpoint_confirmation_height: Some(outpoint_confirmation_height),
 		}
@@ -186,7 +184,9 @@ impl_writeable_tlv_based!(RevokedOutput, {
 	(8, weight, required),
 	(10, amount, required),
 	(12, on_counterparty_tx_csv, required),
-	(14, is_counterparty_balance_on_anchors, option),
+	// Unused since 0.1, this setting causes downgrades to before 0.1 to refuse to
+	// aggregate `RevokedOutput` claims, which is the more conservative stance.
+	(14, is_counterparty_balance_on_anchors, (legacy, (), |_| Some(()))),
 	(15, channel_parameters, (option: ReadableArgs, None)), // Added in 0.2.
 });
 
@@ -750,11 +750,17 @@ impl PackageSolvingData {
 			PackageSolvingData::CounterpartyOfferedHTLCOutput(ref outp) => outp.htlc.amount_msat / 1000,
 			PackageSolvingData::CounterpartyReceivedHTLCOutput(ref outp) => outp.htlc.amount_msat / 1000,
 			PackageSolvingData::HolderHTLCOutput(ref outp) => {
-				debug_assert!(outp.channel_type_features.supports_anchors_zero_fee_htlc_tx());
+				let free_htlcs = outp.channel_type_features.supports_anchors_zero_fee_htlc_tx();
+				let free_commitments =
+					outp.channel_type_features.supports_anchor_zero_fee_commitments();
+				debug_assert!(free_htlcs || free_commitments);
 				outp.amount_msat / 1000
 			},
 			PackageSolvingData::HolderFundingOutput(ref outp) => {
-				debug_assert!(outp.channel_type_features.supports_anchors_zero_fee_htlc_tx());
+				let free_htlcs = outp.channel_type_features.supports_anchors_zero_fee_htlc_tx();
+				let free_commitments =
+					outp.channel_type_features.supports_anchor_zero_fee_commitments();
+				debug_assert!(free_htlcs || free_commitments);
 				outp.funding_amount_sats.unwrap()
 			}
 		};
@@ -768,7 +774,10 @@ impl PackageSolvingData {
 			PackageSolvingData::CounterpartyOfferedHTLCOutput(ref outp) => weight_offered_htlc(&outp.channel_type_features) as usize,
 			PackageSolvingData::CounterpartyReceivedHTLCOutput(ref outp) => weight_received_htlc(&outp.channel_type_features) as usize,
 			PackageSolvingData::HolderHTLCOutput(ref outp) => {
-				debug_assert!(outp.channel_type_features.supports_anchors_zero_fee_htlc_tx());
+				let free_htlcs = outp.channel_type_features.supports_anchors_zero_fee_htlc_tx();
+				let free_commitments =
+					outp.channel_type_features.supports_anchor_zero_fee_commitments();
+				debug_assert!(free_htlcs || free_commitments);
 				if outp.preimage.is_none() {
 					weight_offered_htlc(&outp.channel_type_features) as usize
 				} else {
@@ -988,6 +997,7 @@ impl PackageSolvingData {
 		match self {
 			PackageSolvingData::HolderHTLCOutput(ref outp) => {
 				debug_assert!(!outp.channel_type_features.supports_anchors_zero_fee_htlc_tx());
+				debug_assert!(!outp.channel_type_features.supports_anchor_zero_fee_commitments());
 				outp.get_maybe_signed_htlc_tx(onchain_handler, outpoint)
 			}
 			PackageSolvingData::HolderFundingOutput(ref outp) => {
@@ -1040,14 +1050,20 @@ impl PackageSolvingData {
 				PackageMalleability::Malleable(AggregationCluster::Unpinnable),
 			PackageSolvingData::CounterpartyReceivedHTLCOutput(..) =>
 				PackageMalleability::Malleable(AggregationCluster::Pinnable),
-			PackageSolvingData::HolderHTLCOutput(ref outp) if outp.channel_type_features.supports_anchors_zero_fee_htlc_tx() => {
-				if outp.preimage.is_some() {
-					PackageMalleability::Malleable(AggregationCluster::Unpinnable)
+			PackageSolvingData::HolderHTLCOutput(ref outp) => {
+				let free_htlcs = outp.channel_type_features.supports_anchors_zero_fee_htlc_tx();
+				let free_commits = outp.channel_type_features.supports_anchor_zero_fee_commitments();
+
+				if free_htlcs || free_commits {
+					if outp.preimage.is_some() {
+						PackageMalleability::Malleable(AggregationCluster::Unpinnable)
+					} else {
+						PackageMalleability::Malleable(AggregationCluster::Pinnable)
+					}
 				} else {
-					PackageMalleability::Malleable(AggregationCluster::Pinnable)
+					PackageMalleability::Untractable
 				}
 			},
-			PackageSolvingData::HolderHTLCOutput(..) => PackageMalleability::Untractable,
 			PackageSolvingData::HolderFundingOutput(..) => PackageMalleability::Untractable,
 		}
 	}
@@ -1364,7 +1380,10 @@ impl PackageTemplate {
 		for (previous_output, input) in &self.inputs {
 			match input {
 				PackageSolvingData::HolderHTLCOutput(ref outp) => {
-					debug_assert!(outp.channel_type_features.supports_anchors_zero_fee_htlc_tx());
+					let free_htlcs = outp.channel_type_features.supports_anchors_zero_fee_htlc_tx();
+					let free_commitments =
+						outp.channel_type_features.supports_anchor_zero_fee_commitments();
+					debug_assert!(free_htlcs || free_commitments);
 					outp.get_htlc_descriptor(onchain_handler, &previous_output).map(|htlc| {
 						htlcs.get_or_insert_with(|| Vec::with_capacity(self.inputs.len())).push(htlc);
 					});
@@ -1559,8 +1578,14 @@ impl PackageTemplate {
 	#[rustfmt::skip]
 	pub(crate) fn requires_external_funding(&self) -> bool {
 		self.inputs.iter().find(|input| match input.1 {
-			PackageSolvingData::HolderFundingOutput(ref outp) => outp.channel_type_features.supports_anchors_zero_fee_htlc_tx(),
-			PackageSolvingData::HolderHTLCOutput(ref outp) => outp.channel_type_features.supports_anchors_zero_fee_htlc_tx(),
+			PackageSolvingData::HolderFundingOutput(ref outp) => {
+				outp.channel_type_features.supports_anchors_zero_fee_htlc_tx()
+					|| outp.channel_type_features.supports_anchor_zero_fee_commitments()
+			},
+			PackageSolvingData::HolderHTLCOutput(ref outp) => {
+				outp.channel_type_features.supports_anchors_zero_fee_htlc_tx()
+					|| outp.channel_type_features.supports_anchor_zero_fee_commitments()
+			},
 			_ => false,
 		}).is_some()
 	}
@@ -1796,16 +1821,13 @@ mod tests {
 
 	#[rustfmt::skip]
 	macro_rules! dumb_revk_output {
-		($is_counterparty_balance_on_anchors: expr) => {
+		() => {
 			{
 				let secp_ctx = Secp256k1::new();
 				let dumb_scalar = SecretKey::from_slice(&<Vec<u8>>::from_hex("0101010101010101010101010101010101010101010101010101010101010101").unwrap()[..]).unwrap();
 				let dumb_point = PublicKey::from_secret_key(&secp_ctx, &dumb_scalar);
 				let channel_parameters = ChannelTransactionParameters::test_dummy(0);
-				PackageSolvingData::RevokedOutput(RevokedOutput::build(
-					dumb_point, dumb_scalar, Amount::ZERO, $is_counterparty_balance_on_anchors,
-					channel_parameters, 0,
-				))
+				PackageSolvingData::RevokedOutput(RevokedOutput::build(dumb_point, dumb_scalar, Amount::ZERO, channel_parameters, 0))
 			}
 		}
 	}
@@ -2107,9 +2129,9 @@ mod tests {
 	#[test]
 	#[rustfmt::skip]
 	fn test_package_split_malleable() {
-		let revk_outp_one = dumb_revk_output!(false);
-		let revk_outp_two = dumb_revk_output!(false);
-		let revk_outp_three = dumb_revk_output!(false);
+		let revk_outp_one = dumb_revk_output!();
+		let revk_outp_two = dumb_revk_output!();
+		let revk_outp_three = dumb_revk_output!();
 
 		let mut package_one = PackageTemplate::build_package(fake_txid(1), 0, revk_outp_one, 1100);
 		let package_two = PackageTemplate::build_package(fake_txid(1), 1, revk_outp_two, 1100);
@@ -2141,7 +2163,7 @@ mod tests {
 
 	#[test]
 	fn test_package_timer() {
-		let revk_outp = dumb_revk_output!(false);
+		let revk_outp = dumb_revk_output!();
 
 		let mut package = PackageTemplate::build_package(fake_txid(1), 0, revk_outp, 1000);
 		assert_eq!(package.timer(), 0);
@@ -2165,7 +2187,7 @@ mod tests {
 		let weight_sans_output = (4 + 4 + 1 + 36 + 4 + 1 + 1 + 8 + 1) * WITNESS_SCALE_FACTOR as u64 + 2;
 
 		{
-			let revk_outp = dumb_revk_output!(false);
+			let revk_outp = dumb_revk_output!();
 			let package = PackageTemplate::build_package(fake_txid(1), 0, revk_outp, 0);
 			assert_eq!(package.package_weight(&ScriptBuf::new()),  weight_sans_output + WEIGHT_REVOKED_OUTPUT);
 		}