Fail HTLCs which were removed from a channel but not persisted by TheBlueMatt · Pull Request #1857 · lightningdevkit/rust-lightning

TheBlueMatt · 2022-11-16T17:32:52Z

~~Based on #1830 (I didn't pull it all in, but there's one commit that just takes one function from there).~~

When a channel is force-closed, if a ChannelMonitor update is
completed but a ChannelManager persist has not yet happened,
HTLCs which were removed in the latest (persisted) ChannelMonitor
update will not be failed even though they do not appear in the
commitment transaction which went on chain. This is because the
ChannelManager thinks the ChannelMonitor is responsible for
them (as it is stale), but the ChannelMonitor has no knowledge of
the HTLC at all (as it is not stale).

The fix for this is relatively simple - we need to check for this
specific case and fail back such HTLCs when deserializing a
ChannelManager

codecov-commenter · 2022-11-16T19:23:54Z

Codecov Report

Base: 90.60% // Head: 91.78% // Increases project coverage by +1.17% 🎉

Coverage data is based on head (3149544) compared to base (a4c4301).
Patch coverage: 93.36% of modified lines in pull request are covered.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1857      +/-   ##
==========================================
+ Coverage   90.60%   91.78%   +1.17%     
==========================================
  Files          91       91              
  Lines       47969    56197    +8228     
  Branches    47969    56197    +8228     
==========================================
+ Hits        43463    51581    +8118     
- Misses       4506     4616     +110

Impacted Files	Coverage Δ
lightning/src/ln/functional_test_utils.rs	`96.52% <ø> (+2.87%)`	⬆️
lightning/src/ln/channel.rs	`91.30% <80.00%> (+2.56%)`	⬆️
lightning/src/ln/channelmanager.rs	`89.40% <82.97%> (+4.29%)`	⬆️
lightning/src/ln/reload_tests.rs	`95.50% <96.55%> (+0.25%)`	⬆️
lightning/src/chain/channelmonitor.rs	`93.29% <97.67%> (+2.55%)`	⬆️
lightning/src/chain/onchaintx.rs	`94.44% <0.00%> (-0.43%)`	⬇️
lightning/src/ln/peer_channel_encryptor.rs	`93.38% <0.00%> (-0.25%)`	⬇️
lightning/src/ln/reorg_tests.rs	`100.00% <0.00%> (ø)`
lightning/src/ln/payment_tests.rs	`98.92% <0.00%> (+0.02%)`	⬆️
lightning/src/ln/monitor_tests.rs	`99.66% <0.00%> (+0.10%)`	⬆️
... and 12 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

valentinewallace · 2022-11-21T19:51:04Z

Needs rebase

TheBlueMatt · 2022-11-21T20:40:11Z

Rebased.

dunxen

LGTM AFAICT. Just nits. One optional.

lightning/src/chain/channelmonitor.rs

lightning/src/ln/reload_tests.rs

This expands the outbound-HTLC-listing support in `ChannelMonitor` to include not only the set of outbound HTLCs which have not yet been resolved but to also include the full set of HTLCs which the `ChannelMonitor` is currently able to to or has already finalized. This will be used in the next commit to fail-back HTLCs which were removed from a channel in the ChannelMonitor but not in a Channel. Using the existing `get_pending_outbound_htlcs` for this purpose is subtly broken - if the channel is already closed, an HTLC fail may have completed on chain and is no longer "pending" to the monitor, but the fail event is still in the monitor waiting to be handed back to the `ChannelMonitor` when polled.

If, after forwarding a payment to our counterparty, we restart with a ChannelMonitor update having been persisted, but the corresponding ChannelManager update was not persisted, we'll still have the forwarded HTLC in the `forward_htlcs` map on start. This will cause us to generate a (spurious) `PendingHTLCsForwardable` event. However, when we go to forward said HTLC, we'll notice the channel has been closed and leave it up to the `ChannelMontior` to finalize the HTLC. This is all fine today - we won't lose any funds, we'll just generate an excess forwardable event and then fail to forward. However, in the future when we allow for forward-time channel changes this could break. Thus, its worth adding tests for this behavior today, and, while we're at it, removing the spurious forwardable HTLCs event.

When a channel is force-closed, if a `ChannelMonitor` update is completed but a `ChannelManager` persist has not yet happened, HTLCs which were removed in the latest (persisted) `ChannelMonitor` update will not be failed even though they do not appear in the commitment transaction which went on chain. This is because the `ChannelManager` thinks the `ChannelMonitor` is responsible for them (as it is stale), but the `ChannelMonitor` has no knowledge of the HTLC at all (as it is not stale). The fix for this is relatively simple - we need to check for this specific case and fail back such HTLCs when deserializing a `ChannelManager`

TheBlueMatt · 2022-12-05T20:27:40Z

Squashed fixups.

TheBlueMatt added this to the 0.0.113 milestone Nov 16, 2022

TheBlueMatt force-pushed the 2022-11-reload-htlc branch 2 times, most recently from 5180e9e to d793bb8 Compare November 16, 2022 18:37

TheBlueMatt mentioned this pull request Nov 16, 2022

JIT Forwards Reload Consistency #1858

Closed

TheBlueMatt force-pushed the 2022-11-reload-htlc branch from d793bb8 to 227a8bd Compare November 17, 2022 05:55

TheBlueMatt added the Seeking Code Review label Nov 18, 2022

TheBlueMatt force-pushed the 2022-11-reload-htlc branch from 227a8bd to f9f1f81 Compare November 21, 2022 20:40

TheBlueMatt force-pushed the 2022-11-reload-htlc branch from f9f1f81 to d17ce49 Compare November 22, 2022 18:43

dunxen self-requested a review November 28, 2022 17:44

dunxen reviewed Nov 29, 2022

View reviewed changes

lightning/src/chain/channelmonitor.rs Outdated Show resolved Hide resolved

lightning/src/ln/reload_tests.rs Outdated Show resolved Hide resolved

TheBlueMatt force-pushed the 2022-11-reload-htlc branch from d17ce49 to 3149544 Compare November 29, 2022 23:08

dunxen previously approved these changes Dec 5, 2022

View reviewed changes

TheBlueMatt added 3 commits December 5, 2022 20:27

TheBlueMatt dismissed dunxen’s stale review via dbe4aad December 5, 2022 20:27

TheBlueMatt force-pushed the 2022-11-reload-htlc branch from 3149544 to dbe4aad Compare December 5, 2022 20:27

dunxen approved these changes Dec 5, 2022

View reviewed changes

wpaulino approved these changes Dec 5, 2022

View reviewed changes

wpaulino removed the Seeking Code Review label Dec 5, 2022

TheBlueMatt merged commit f4ab077 into lightningdevkit:main Dec 5, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comments

Fail HTLCs which were removed from a channel but not persisted#1857

Fail HTLCs which were removed from a channel but not persisted#1857
TheBlueMatt merged 3 commits intolightningdevkit:mainfrom
TheBlueMatt:2022-11-reload-htlc

TheBlueMatt commented Nov 16, 2022 •

edited

Loading

Uh oh!

codecov-commenter commented Nov 16, 2022 •

edited

Loading

Uh oh!

valentinewallace commented Nov 21, 2022

Uh oh!

TheBlueMatt commented Nov 21, 2022

Uh oh!

dunxen left a comment

Uh oh!

Uh oh!

Uh oh!

TheBlueMatt commented Dec 5, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Comments

Conversation

TheBlueMatt commented Nov 16, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

codecov-commenter commented Nov 16, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

valentinewallace commented Nov 21, 2022

Uh oh!

TheBlueMatt commented Nov 21, 2022

Uh oh!

dunxen left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

TheBlueMatt commented Dec 5, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

TheBlueMatt commented Nov 16, 2022 •

edited

Loading

codecov-commenter commented Nov 16, 2022 •

edited

Loading