Skip to content

Add missing pending FundingScope checks #3811

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Add missing pending FundingScope checks #3811

wants to merge 8 commits into from
+249 −192

Conversation

jkczyz
Copy link
Contributor

@jkczyz jkczyz commented May 29, 2025

When sending or receiving update_add_htlc, update_fee, or revoke_and_ack messages, check that the messages (or amount or fee rates, as is appropriate) are valid for any pending FundingScope. Otherwise, the promoted FundingScope will be invalid when the splice is locked.

This assumes FundingScope::is_outbound is the same across all FundingScopes. This PR does not fix similar issues for funding negotiation and funding confirmation, which should be handled in #3736 and #3741, respectively.

@ldk-reviews-bot
Copy link

ldk-reviews-bot commented May 29, 2025
edited
Loading

👋 I see @wpaulino was un-assigned.
If you'd like another reviewer assignemnt, please click here.

@jkczyz jkczyz requested a review from wpaulino May 29, 2025 21:26
wpaulino
wpaulino reviewed May 29, 2025
View reviewed changes
@ldk-reviews-bot
Copy link

👋 The first review has been submitted!

Do you think this PR is ready for a second reviewer? If so, click here to assign a second reviewer.

@jkczyz jkczyz force-pushed the 2025-05-missed-funding-checks branch from bc3ede2 to 30ac751 Compare May 30, 2025 17:08
@wpaulino
Copy link
Contributor

Good to squash

@jkczyz jkczyz force-pushed the 2025-05-missed-funding-checks branch from 30ac751 to c6b2d01 Compare May 30, 2025 21:19
@jkczyz
Copy link
Contributor Author

jkczyz commented May 30, 2025

Oops, sorry more fixups to address lint checks.

@jkczyz
Copy link
Contributor Author

jkczyz commented May 30, 2025

@wpaulino Any thoughts on moving the helpers to ChannelContext? We did this for get_available_balance and maybe some other places. It's nice in that it prevents us from accidentally using self.funding instead of the passed in funding. But the functions are only relevant for contexts contained in a FundedChannel.

@wpaulino
Copy link
Contributor

wpaulino commented Jun 2, 2025

Hm yeah I guess we could, let's do the move in its own commit then. Feel free to squash also.

jkczyz added 8 commits June 2, 2025 15:14
@jkczyz
Check pending funding when validating update_add_htlc
ceede42 
If there are any pending splices when an update_add_htlc message is
received, it must be validated against each pending FundingScope.
Otherwise, the HTLC could be invalid once the splice is locked.
@jkczyz
Update pending funding when handling revoke_and_ack
df46875 
If there are any pending splices when a revoke_and_ack message is
received, FundingScope::value_to_self_msat needs to be updated for each.
Otherwise, the promoted FundingScope will be invalid when the splice is
locked.
@jkczyz
Check pending funding when validating update_fee
2a76bfe 
If there are any pending splices when an update_fee message is received,
it must be validated against each pending FundingScope.
Otherwise, it may be invalid once the splice is locked.
@jkczyz
Check pending funding in send_update_fee
131cd25 
If there are any pending splices when an sending an update_fee message,
the new fee rate must be validated against each pending FundingScope.
Otherwise, it may be invalid once the splice is locked.
@jkczyz
Check pending funding in can_accept_incoming_htlc
b7783ad 
If there are any pending splices when an accepting an incoming HTLC, the
HTLC needs to be validated against each pending FundingScope. Otherwise,
once the splice is locked, the HTLC could have been failed when it
should have been forwarded / claimed, or vice versa, under the promoted
FundingScope.
@jkczyz
Check pending funding in send_htlc
802e73a 
If there are any pending splices when an sending an update_add_htlc
message, the HTLC amount must be validated against each pending
FundingScope. Otherwise, it may be invalid once the splice is locked.
@jkczyz
s - drop redundant LocalHTLCFailureReason::AmountExceedsCapacity
7ffaa56
@jkczyz
Move FundingScope-specific validation to ChannelContext
b6a92da 
Previous commits refactored validation checks in FundedChannel to work
on a specific FundingScope. However, keeping these helpers in
FundedChannel doesn't prevent them from using self.funding inadvertently
instead of the passed in FundingScope. Move these helpers to
ChannelContext to avoid this problem, as we done with similar helpers.
@jkczyz jkczyz force-pushed the 2025-05-missed-funding-checks branch from c6b2d01 to b6a92da Compare June 2, 2025 20:46
@jkczyz
Copy link
Contributor Author

jkczyz commented Jun 2, 2025

Hm yeah I guess we could, let's do the move in its own commit then. Feel free to squash also.

Made a separate commit. Squashed fixups except for the last one in case the second reviewer disagrees on dropping that check.

@jkczyz jkczyz requested a review from wpaulino June 2, 2025 20:47
@wpaulino wpaulino requested review from TheBlueMatt and removed request for wpaulino June 2, 2025 20:56
@ldk-reviews-bot
Copy link

🔔 1st Reminder

Hey @TheBlueMatt! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

@ldk-reviews-bot
Copy link

🔔 2nd Reminder

Hey @TheBlueMatt! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

@ldk-reviews-bot
Copy link

🔔 3rd Reminder

Hey @TheBlueMatt! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

TheBlueMatt
TheBlueMatt reviewed Jun 10, 2025
View reviewed changes
Copy link
Collaborator

@TheBlueMatt TheBlueMatt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

lightning/src/ln/channel.rs

for funding in core::iter::once(&mut self.funding).chain(self.pending_funding.iter_mut()) {
funding.value_to_self_msat = (funding.value_to_self_msat as i64 + value_to_self_msat_diff) as u64;
}

if let Some((feerate, update_state)) = self.context.pending_update_fee {
match update_state {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't comment there, but a few lines down funding.is_outbound() is asserted around the pending fee update. I presume is_outbound should move out of funding as its something that now must remain static across splices (and it being in funding implies that we can change that).

lightning/src/ln/channel.rs
@@ -8080,70 +8207,10 @@ impl<SP: Deref> FundedChannel<SP> where
}

let dust_exposure_limiting_feerate = self.context.get_dust_exposure_limiting_feerate(&fee_estimator);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: seems somewhat wasteful to to pass this in to can_accept_incoming_htlc_for_funding instead of just fetching it from context there?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TheBlueMatt TheBlueMatt TheBlueMatt left review comments

@wpaulino wpaulino wpaulino left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jkczyz @ldk-reviews-bot @wpaulino @TheBlueMatt