Commit Graph

85 Commits

Author SHA1 Message Date
Joost Jager
9acb236665
cnct: remove nursery dependency in commit sweep resolver
The channel arbitrator no longer passes the direct commitment output to
the nursery for incubation. Instead the resolver itself will await the
csv lock if any.

The reason to change this now is to prevent having to deal with the
(legacy) nursery code for a planned anchor outputs related change to the
commit sweep resolver (also csv lock to_remote).

It is no problem if there are any lingering incubating outputs at the
time of upgrade. This just means that the output will be offered twice
to the sweeper and this doesn't hurt.
2019-11-14 13:38:01 +01:00
Joost Jager
1597a92160
cnct: add resolver report output type
This commit prepares for the commit sweep resolver to report on its
state.
2019-11-13 10:17:28 +01:00
Joost Jager
ede7e5e7ee
cnct: log more info when checking chain actions 2019-11-12 15:01:37 +01:00
Joost Jager
50abb41e94
cnct: store full htlc struct inside resolver
This change prepares for accessing the onion blob from a resolver.
2019-11-12 15:01:36 +01:00
Joost Jager
a83be177c6
cnct: move supplement method into resolvers 2019-11-12 14:55:03 +01:00
Joost Jager
32249cb72e
cnct: add new methods for resolvers 2019-11-11 14:35:30 +01:00
Joost Jager
ff63a680a1
cnct: instantiate quit channels inside resolvers
Removes a bug-prone construction that existed previously where the quit
channel was replaced just-in-time.
2019-11-07 13:10:35 +01:00
Joost Jager
75ecbfd321
cnct: unexport ResolverKit quit field 2019-11-07 13:10:33 +01:00
Olaoluwa Osuntokun
7a491776a1
contractcourt: use legacy chain actions of commitSet not found
In this commit, we fix a bug that would prevent users that had
unresolved contracts at the time of update from starting their nodes.
Before we added the conf commit set, the information needed to
supplement the resolvers was found in the chain action map. As a result,
if the conf commit set is nil, then we also need to check this legacy
data to ensure that we can supplement the resolvers to the best of our
ability based on the available data.

Fixes #3549.
2019-10-04 12:30:55 -07:00
Olaoluwa Osuntokun
c57bb9d86b
Merge pull request #3480 from Roasbeef/proper-resolution-supplements
contractcourt: supplement resolvers with confirmed commit set HTLCs
2019-09-25 17:08:35 -07:00
Olaoluwa Osuntokun
d0df5a4ddd
contractcourt: supplement resolvers with confirmed commit set HTLCs
In this commit, we fix an existing bug in the package, causing
resolutions to be restarted without their required supplementary
information. This can happen if a distinct HTLC set gets confirmed
compared to the HTLCs that we may have had our commitment at time of
close. Due to this bug, on restart certain HTLCS would be rejected as
they would present their state to the invoice registry, but be rejected
due to checks such as amount value.

To fix this, we'll now pass in the set of confirmed HTLCs into the
resolvers when we re-launch them, giving us access to all the
information we need to supplement the HTLCS.

We also add a new test that ensures that the proper fields of a resolver
are set after a restart.
2019-09-25 16:05:25 -07:00
Johan T. Halseth
2cb80c4449
contractcourt/chain_arbitrator: mark commitment broadcasted before publish
Before publishing the close tx to the network and commit to the
StateCommitmentBroadcasted state, we mark the commitment as broadcasted
and store it to the db. This ensures it will get re-published on startup
if we go down.
2019-09-25 14:04:44 +02:00
Johan T. Halseth
02b2787e44
multi: make MarkCommitmentBroadcasted take closeTx 2019-09-25 14:04:43 +02:00
Johan T. Halseth
ce9f7faff2
contractcourt/channel_arbitrator: handle breach channel at startup
Earlier the channel arbitrator would fail to recognize channels pending
close that were in the breached state. This lead to the state machine
not progressing correctly, and in some cases crashing since we would
attempt to force close an already closed channel.

A test TestChannelArbitratorForceCloseBreachedChannel is added to
exercise one of these scenarios.
2019-09-18 13:05:35 +02:00
Johan T. Halseth
26b7ec1b94
contractcourt/channel_arbitrator: define and react to breachClose
Earlier we would not react to breaches, as these are handled by other
subsystems. Now we advances our state machine in case of breach, such
that we'll gracefully exit, and won't have leftover state in case of a
restart.

A simple test TestChannelArbitratorBreachClose to exercise this behavior
is added.
2019-09-18 13:05:35 +02:00
Joost Jager
be7fc9dd3e
cnct: do not create an action for incoming dust htlcs
This commit fixes the 'unable to find incoming resolution' error that
occured when trying to resolve incoming htlcs below the dust limit that
are not actually present on the commitment tx.
2019-09-13 12:31:26 +02:00
Joost Jager
d553c304b2
cnct: log resolver type on error 2019-09-13 12:31:22 +02:00
Joost Jager
ecd3c59f7a
cnct: do not log resolver shutting down as error 2019-09-11 15:54:41 +02:00
Joost Jager
d6d9ec6aa5
invoices: replay awareness
Previously the invoice registry wasn't aware of replayed htlcs. This was
dealt with by keeping the invoice accept/settle logic idempotent, so
that a replay wouldn't have an effect.

This mechanism has two limitations:

1. No accurate tracking of the total amount paid to an invoice. The total
amount couldn't just be increased with every htlc received, because it
could be a replay which would lead to counting the htlc amount multiple
times. Therefore the total amount was set to the amount of the first
htlc that was received, even though there may have been multiple htlcs
paying to the invoice.

2. Impossible to check htlc expiry consistently for hodl invoices. When
an htlc is new, its expiry needs to be checked against the invoice cltv
delta. But for a replay, that check must be skipped. The htlc was
accepted in time, the invoice was moved to the accepted state and a
replay some blocks later shouldn't lead to that htlc being cancelled.
Because the invoice registry couldn't recognize replays, it stopped
checking htlc expiry heights when the invoice reached the accepted
state. This prevents hold htlcs from being cancelled after a restart.
But unfortunately this also caused additional htlcs to be accepted on an
already accepted invoice without their expiry being checked.

In this commit, the invoice registry starts to persistently track htlcs
so that replays can be recognized. For replays, an htlc resolution
action is returned early. This fixes both limitations mentioned above.
2019-09-04 19:20:31 +02:00
Joost Jager
c1345a4117
multi: use separate cltv expiry field from invoice
Now that the Invoice struct contains the decoded final cltv delta value,
the decoding of payment requests can be removed from the invoice
registry.
2019-09-04 19:20:19 +02:00
Joost Jager
05e6b62cb2
cnct+htlcswitch+invoices: report circuit key to invoice registry
Currently the invoice registry cannot tell apart the htlcs that pay to
an invoice. Because htlcs may also be replayed on startup, it isn't
possible to determine the total amount paid to an invoice.

This commit is a first step towards fixing that. It reports the circuit
keys of htlcs to the invoice registry, which forms the basis for
accurate invoice accounting.
2019-09-04 19:20:13 +02:00
Joost Jager
5871d69bde
cnct: convert supplement functions to methods 2019-09-04 19:20:11 +02:00
Olaoluwa Osuntokun
2011ccc571
contractcourt: write confirmed CommitSet to disk before MarkChannelClosed
In this commit, we make a series of changes to ensure that we'll be able
to properly survive restarts if we crash right after we call
MarkChannelClosed. In order to ensure we can survive restarts, we'll now
long the confirmed CommitSet to disk right before we close the channel.
Upon restart, we'll read these from disk so we can pick up where we left
over.

Additionally, we also will now consult the legacy chain actions if it
turns out that the channel has been closed, but we don't have a
confCommitSet written to disk. This will only be the case for nodes that
had pending close channels before this commitment.
2019-05-27 15:26:46 -07:00
Olaoluwa Osuntokun
087e22d817
contractcourt: obtain supplementary HTLC info from the htlcSets
Since we no longer have up to date chain actions on disk, we'll use the
HTLC sets in memory which contain the necessary information we need to
in order to obtain the HTLC amounts.
2019-05-27 15:26:40 -07:00
Olaoluwa Osuntokun
8a34b1ae88
contractcourt: only send resolution messages if we have any to send 2019-05-27 15:26:39 -07:00
Olaoluwa Osuntokun
877b8c55d3
contractcourt: stop writing chain actions to disk
We don't need them as we'll just reconstruct the chain actions once a
commitment has actually confirmed.
2019-05-27 15:26:38 -07:00
Olaoluwa Osuntokun
fb91f0be70
contractcourt: reconstruct chain actions at time of commitment confirmation
In this commit, we change the behavior of the channel arb to no longer
write chain actions to disk. Instead, using the new CommitSet struct,
we'll replay our set of prior actions based on what actually got into
the chain. As a result, we no longer need to write the chain actions at
all, instead they're reconstructed at run time to determine decisions,
and before any commitments are broadcast in order to determine if we
need to go to chain at all.
2019-05-27 15:26:37 -07:00
Olaoluwa Osuntokun
fc617cd041
contractcourt: add new checkLocalChainActions method use in main state step
In this commit, we add a new `checkLocalChainActions` method. This
method differs from the existing `checkChainActions` method in that it's
only concerned with actions we should take on chain for our local state
based on the local _and_ remote state. This change ensures that we'll
now to go to chain order to cancel an HTLC that was on the remote
party's commitment transaction, but not our own.
2019-05-27 15:26:36 -07:00
Olaoluwa Osuntokun
5f0fad85be multi: address lingering TODO by no longer wiping out local HTLCs on remote close
In this commit, we fix a lingering TOOD statement in the channel arb.
Before this commitment, we would simply wipe our our local HTLC set of
the HTLC set that was on the remote commitment transaction on force
close. This was incorrect as if our commitment transaction had an HTLC
that the remote commitment didn't, then we would fail to cancel that
back, and cause both channels to time out on chain.

In order to remedy this, we introduce a new `HtlcSetKey` struct to track
all 3 possible in-flight set of HTLCs: ours, theirs, and their pending.

We also we start to tack on additional data to all the unilateral close
messages we send to subscribers. This new data is the CommitSet, or the
set of valid commitments at channel closure time. This new information
will be used by the channel arb in an upcoming commit to ensure it will
cancel back HTLCs in the case of split commitment state.

Finally, we start to thread through an optional *CommitSet to the
advanceState method. This additional information will give the channel
arb addition information it needs to ensure it properly cancels back
HTLCs that are about to time out or may time out depending on which
commitment is played.

Within the htlcswitch pakage, we modify the `SignNextCommitment` method
to return the new set of pending HTLCs for the remote party's commitment
transaction and `ReceiveRevocation` to return the latest set of
commitment transactions on the remote party's commitment as well. This
is a preparatory change which is part of a larger change to address a
lingering TODO in the cnct.

Additionally, rather than just send of the set of HTLCs after the we
revoke, we'll also send of the set of HTLCs after the remote party
revokes, and we create a pending commitment state for it.
2019-05-27 14:34:13 -07:00
Joost Jager
1a80a1e540
witness_beacon: do not look up invoice preimages
This commit isolates preimages of forwarded htlcs from invoice
preimages. The reason to do this is to prevent the incoming contest
resolver from settling exit hop htlcs for which the invoice isn't marked
as settled.
2019-05-15 14:41:58 +02:00
Joost Jager
6886a0117f
cnct: always create incoming contest resolver
One of the first things the incoming contest resolver does is checking
if the preimage is available and if it is, convert itself into a success
resolver.

This behaviour makes it unnecessary to already determine earlier in the
process whether an incoming contest or a success resolver is needed.

By having all incoming htlcs go through the incoming contest resolver,
the number of execution paths is reduced and it becomes easier to
ascertain that the implemented logic is correct.

The only functional change in this commit is that a forwarded htlc for
which is the preimage is known, is no longer settled when the htlc is
already expired. Previously a success resolver would be instantiated
directly, skipping the expiry height check.

This created a risk that the success resolver would never finish,
because an expired htlc could already have been swept by the remote
party and there is no detection of this remote spend in the success
resolver currently.

With the new change, the general direction that an expired htlc
shouldn't be settled and instead given up on is implemented more
consistently.

This commit prepares for fixing edges cases related to hodl
invoice on-chain resolution.
2019-05-15 14:41:47 +02:00
Joost Jager
86eb0a3383
cnct: log go to chain reason
This commit adds logging of the reason to go to chain for a channel.
This can help users to find out the reason why a channels forced closed.

To get all go to chain reasons, an optimization to break early is
removed. This optimization was not significant, because the normal flow
already examined all htlcs. In the exceptional case where we need to go
to chain, it does not weigh up against logging all go to chain reasons.
2019-04-08 10:34:41 +02:00
Joost Jager
ab4da0f53d
cnct: define separate broadcast delta for outgoing htlcs
This commits exposes the various parameters around going to chain and
accepting htlcs in a clear way.

In addition to this, it reverts those parameters to what they were
before the merge of commit d1076271456bdab1625ea6b52b93ca3e1bd9aed9.
2019-04-05 11:36:07 +02:00
Jim Posen
d107627145
contractcourt: remove broadcastRedeemMultiplier
The multiplier doesn't make sense because funds may be equally at risk
by failing to broadcast to chain regardless of whether the HTLC is a
redeem or a timeout.
2019-03-26 14:31:51 +01:00
Conner Fromknecht
29f07a58cb
cnct+lnwl+hswc: use lntypes.Preimage for witness beacon 2019-02-19 17:06:00 -08:00
Conner Fromknecht
30f61b7630
multi: make AddPreimage variadic, optimistically compute key
In this commit, we modify the WitnessCache's
AddPreimage method to accept a variadic number
of preimages. This enables callers to batch
preimage writes in performance critical areas
of the codebase, e.g. the htlcswitch.

Additionally, we lift the computation of the
witnesses' keys outside of the db transaction.
This saves us from having to do hashing inside
and blocking other callers, and limits extraneous
blocking at the call site.
2019-02-19 17:05:04 -08:00
Joost Jager
55aee9c703
cnct: expose non-incubating htlcs after channel force close
In this commit we fix a reporting gap that previously existed for htlcs
that were still contested.
2019-02-01 09:36:47 +01:00
Joost Jager
9abe06f3c8
cnct: finish channel arbitrator in StateFullyResolved
Previously the arbitrator wasn't advanced to the final stage after
the last contract resolved.

Also channel arbitrator now does not ignore a log error anymore
unresolved contracts cannot be retrieved.
2019-02-01 09:10:04 +01:00
Wilmer Paulino
974e0f2df5
cnct: make original htlc amt available for contract resolvers
Previously, contract resolvers that needed to publish a second level tx,
did not have access to the original htlc amount.

This commit reconstructs this amount from data that is already persisted
in arbitrator log.

Co-authored-by: Joost Jager <joost.jager@gmail.com>
2019-01-22 20:47:17 -08:00
Wilmer Paulino
93754f8d37
lnwallet: add HtlcPoint() resolution helper methods
Co-authored-by: Joost Jager <joost.jager@gmail.com>
2019-01-22 20:47:13 -08:00
Wilmer Paulino
865f7568d6
cnct: extract relaunching of resolvers to method
Co-authored-by: Joost Jager <joost.jager@gmail.com>
2019-01-22 20:46:14 -08:00
Wilmer Paulino
60036aca1d
contractcourt/channel_arbitrator: prevent force closing same channel twice
In this commit, we prevent the ChainArbitrator from sending a force
close request for a channel if it has previously already sent one. We do
this to prevent blocking the caller of ForceCloseContract.
2018-12-10 20:37:58 -08:00
Olaoluwa Osuntokun
6afee3d099
Merge pull request #1856 from maurycy/typos
multi: fix various typos in comments
2018-09-27 20:38:10 -07:00
Johan T. Halseth
3a67fe2552
contractcourt+server: make IncubateOutputs take broadcastHeight 2018-09-20 12:54:48 +02:00
maurycy
ac24b12bf2
multi: fix various typos in comments 2018-09-07 06:51:49 +02:00
Conner Fromknecht
d706e40ff7
contractcourt/channel_arbitrator: handle onchain close race on restart 2018-09-03 23:12:57 -07:00
Johan T. Halseth
4933120d38
contractcourt/channel arbitrator: add coopCloseTrigger on startup for pendingClose channel 2018-08-23 10:04:43 +02:00
Johan T. Halseth
ed5db96e05
contractcourt/channel_arbittrator: ignore noResolutions error on startup 2018-08-23 00:03:22 +02:00
Johan T. Halseth
f2a033e965
contractcourt/channel_arbitrator: override trigger on startup if IsClosing
At ChannelArbitrator startup we now check the database close status of
the channel. If we detect that the channel is closed, but our state
machine hasn't advanced to reflect that (possibly because of a shutdown
before the state transition was finished), we manually trigger the state
transition to recover.
2018-08-23 00:03:22 +02:00
Johan T. Halseth
1758ad829f
contractcourt/[chain|channel]_arbitrator: define IsPendingClose 2018-08-23 00:03:22 +02:00