lnwallet: properly restore removeCommitHeightRemote

Previously, we could sign a pending commitment for the remote party,
disconnect, and not restore these signed remote updates as having been
removed at the pending commitment height. This commit fixes that to
look up whether the update under the unsigned acked updates key is
present on the pending commitment or not and appropriately set
the remove commit heights.
This commit is contained in:
nsa 2020-07-13 15:34:47 -04:00
parent 2149157d49
commit 8c002a08a7

@ -1867,6 +1867,7 @@ func (lc *LightningChannel) restoreStateLogs(
// in our next signature. // in our next signature.
err := lc.restorePendingRemoteUpdates( err := lc.restorePendingRemoteUpdates(
unsignedAckedUpdates, localCommitment.height, unsignedAckedUpdates, localCommitment.height,
pendingRemoteCommit,
) )
if err != nil { if err != nil {
return err return err
@ -1879,7 +1880,8 @@ func (lc *LightningChannel) restoreStateLogs(
// haven't yet signed for. // haven't yet signed for.
func (lc *LightningChannel) restorePendingRemoteUpdates( func (lc *LightningChannel) restorePendingRemoteUpdates(
unsignedAckedUpdates []channeldb.LogUpdate, unsignedAckedUpdates []channeldb.LogUpdate,
localCommitmentHeight uint64) error { localCommitmentHeight uint64,
pendingRemoteCommit *commitment) error {
lc.log.Debugf("Restoring %v dangling remote updates", lc.log.Debugf("Restoring %v dangling remote updates",
len(unsignedAckedUpdates)) len(unsignedAckedUpdates))
@ -1894,12 +1896,38 @@ func (lc *LightningChannel) restorePendingRemoteUpdates(
return err return err
} }
logIdx := payDesc.LogIndex
// Sanity check that we are not restoring a remote log update // Sanity check that we are not restoring a remote log update
// that we haven't received a sig for. // that we haven't received a sig for.
if payDesc.LogIndex >= lc.remoteUpdateLog.logIndex { if logIdx >= lc.remoteUpdateLog.logIndex {
return fmt.Errorf("attempted to restore an "+ return fmt.Errorf("attempted to restore an "+
"unsigned remote update: log_index=%v", "unsigned remote update: log_index=%v",
payDesc.LogIndex) logIdx)
}
// We previously restored Adds along with all the other upates,
// but this Add restoration was a no-op as every single one of
// these Adds was already restored since they're all incoming
// htlcs on the local commitment.
if payDesc.EntryType == Add {
continue
}
var (
height uint64
heightSet bool
)
// If we have a pending commitment for them, and this update
// is included in that commit, then we'll use this commitment
// height as this commitment will include these updates for
// their new remote commitment.
if pendingRemoteCommit != nil {
if logIdx < pendingRemoteCommit.theirMessageIndex {
height = pendingRemoteCommit.height
heightSet = true
}
} }
// Insert the update into the log. The log update index doesn't // Insert the update into the log. The log update index doesn't
@ -1907,23 +1935,20 @@ func (lc *LightningChannel) restorePendingRemoteUpdates(
// final value was properly persisted with the last local // final value was properly persisted with the last local
// commitment update. // commitment update.
switch payDesc.EntryType { switch payDesc.EntryType {
case Add: case FeeUpdate:
lc.remoteUpdateLog.restoreHtlc(payDesc) if heightSet {
payDesc.addCommitHeightRemote = height
// Sanity check to be sure that we are not restoring an payDesc.removeCommitHeightRemote = height
// add update that the remote hasn't signed for yet.
if payDesc.HtlcIndex >= lc.remoteUpdateLog.htlcCounter {
return fmt.Errorf("attempted to restore an "+
"unsigned remote htlc: htlc_index=%v",
payDesc.HtlcIndex)
} }
case FeeUpdate:
lc.remoteUpdateLog.restoreUpdate(payDesc) lc.remoteUpdateLog.restoreUpdate(payDesc)
default: default:
lc.remoteUpdateLog.restoreUpdate(payDesc) if heightSet {
payDesc.removeCommitHeightRemote = height
}
lc.remoteUpdateLog.restoreUpdate(payDesc)
lc.localUpdateLog.markHtlcModified(payDesc.ParentIndex) lc.localUpdateLog.markHtlcModified(payDesc.ParentIndex)
} }
} }