lnwallet: when validating fee updates, ensure newFee < balance

Olaoluwa Osuntokun 2018-02-24 19:19:46 -08:00
parent ac90a8288e
commit b8d0df998a
No known key found for this signature in database
GPG Key ID: 964EA263DD637C21
2 changed files with 12 additions and 4 deletions

@ -3054,7 +3054,7 @@ func (lc *LightningChannel) ChanSyncMsg() (*lnwire.ChannelReestablish, error) {
// computeView takes the given htlcView, and calculates the balances, filtered // computeView takes the given htlcView, and calculates the balances, filtered
// view (settling unsettled HTLCs), commitment weight and feePerKw, after // view (settling unsettled HTLCs), commitment weight and feePerKw, after
// applying the HTLCs to the latest commitment. The returned balanced are the // applying the HTLCs to the latest commitment. The returned balances are the
// balances *before* subtracting the commitment fee from the initiator's // balances *before* subtracting the commitment fee from the initiator's
// balance. // balance.
// //
@ -5137,10 +5137,18 @@ func (lc *LightningChannel) validateFeeRate(feePerKw SatPerKWeight) error {
newFee := lnwire.NewMSatFromSatoshis( newFee := lnwire.NewMSatFromSatoshis(
feePerKw.FeeForWeight(txWeight), feePerKw.FeeForWeight(txWeight),
) )
balanceAfterFee := availableBalance - newFee
// If the total fee exceeds our available balance, then we'll reject
// this update as it would mean we need to trim our entire output.
if newFee > availableBalance {
return fmt.Errorf("cannot apply fee_update=%v sat/kw, new fee "+
"of %v is greater than balance of %v", int64(feePerKw),
newFee, availableBalance)
}
// If this new balance is below our reserve, then we can't accommodate // If this new balance is below our reserve, then we can't accommodate
// the fee change, so we'll reject it. // the fee change, so we'll reject it.
balanceAfterFee := availableBalance - newFee
if balanceAfterFee.ToSatoshis() < lc.channelState.LocalChanCfg.ChanReserve { if balanceAfterFee.ToSatoshis() < lc.channelState.LocalChanCfg.ChanReserve {
return fmt.Errorf("cannot apply fee_update=%v sat/kw, "+ return fmt.Errorf("cannot apply fee_update=%v sat/kw, "+
"insufficient balance: start=%v, end=%v", "insufficient balance: start=%v, end=%v",

@ -2477,7 +2477,7 @@ func TestAddHTLCNegativeBalance(t *testing.T) {
} }
// Alice now has an available balance of 2 BTC. We'll add a new HTLC of // Alice now has an available balance of 2 BTC. We'll add a new HTLC of
// value 2 BTC, which should make Alice's balance negative (since (she // value 2 BTC, which should make Alice's balance negative (since she
// has to pay a commitment fee). // has to pay a commitment fee).
htlcAmt = lnwire.NewMSatFromSatoshis(2 * btcutil.SatoshiPerBitcoin) htlcAmt = lnwire.NewMSatFromSatoshis(2 * btcutil.SatoshiPerBitcoin)
htlc, _ := createHTLC(numHTLCs+1, htlcAmt) htlc, _ := createHTLC(numHTLCs+1, htlcAmt)
@ -4378,7 +4378,7 @@ func TestDesyncHTLCs(t *testing.T) {
// Alice now has gotten all her original balance (5 BTC) back, however, // Alice now has gotten all her original balance (5 BTC) back, however,
// adding a new HTLC at this point SHOULD fail, since if she adds the // adding a new HTLC at this point SHOULD fail, since if she adds the
// HTLC and sign the next state, Bob cannot assume she received the // HTLC and signs the next state, Bob cannot assume she received the
// FailHTLC, and must assume she doesn't have the necessary balance // FailHTLC, and must assume she doesn't have the necessary balance
// available. // available.
// //