Introduce interactive signing state flags for funded states. #3637
Conversation
|
👋 Thanks for assigning @wpaulino as a reviewer! |
dunxen
force-pushed
the
2025-02-interactivesigningstate
branch
2 times, most recently
from
4c6b6ab to
c1f430a
Compare
dunxen
changed the title
dunxen
force-pushed
the
2025-02-interactivesigningstate
branch
from
c1f430a to
e89ba58
Compare
Not yet. Tracked in #3636. Will need to be able to contribute inputs first to test a useful order of message exchange + restart. |
dunxen
force-pushed
the
2025-02-interactivesigningstate
branch
from
e89ba58 to
3b2ac55
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #3637 +/- ##
==========================================
- Coverage 89.04% 88.99% -0.05%
==========================================
Files 155 155
Lines 122019 122116 +97
Branches 122019 122116 +97
==========================================
+ Hits 108652 108683 +31
- Misses 10701 10764 +63
- Partials 2666 2669 +3 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
dunxen
force-pushed
the
2025-02-interactivesigningstate
branch
from
3b2ac55 to
5110ecc
Compare
|
@dunxen re-request when this is ready for review again, feel free to squash as well |
dunxen
force-pushed
the
2025-02-interactivesigningstate
branch
from
5110ecc to
1d96044
Compare
|
🔔 1st Reminder Hey @TheBlueMatt @jkczyz @wpaulino! This PR has been waiting for your review. |
| @@ -6924,11 +6933,72 @@ impl<SP: Deref> FundedChannel<SP> where | |||
| log_debug!(logger, "Reconnected channel {} with no loss", &self.context.channel_id()); | |||
| } | |||
|
|
|||
| // if next_funding_txid is set: | |||
There was a problem hiding this comment.
If possible, would be nice to get some test coverage in now for this
There was a problem hiding this comment.
Might be tricky at the moment, but makes sense to try do that now 👍
There was a problem hiding this comment.
Still tricky, but working on this now currently. I'll let you know if we'll have to defer this to a PR after "create outbound dual-funded channel" is complete.
dunxen
force-pushed
the
2025-02-interactivesigningstate
branch
from
1d96044 to
55e5f6f
Compare
| where L::Target: Logger | ||
| { | ||
| if !matches!(self.context.channel_state, ChannelState::AwaitingChannelReady(_)) { | ||
| if !matches!(self.context.channel_state, ChannelState::FundingNegotiated(flags) if flags.is_interactive_signing()) { |
There was a problem hiding this comment.
Should this also check if they already sent it? Unclear if the spec is fine with retransmitting even if we didn't ask for it.
There was a problem hiding this comment.
What if they sent this first but we were supposed to? Should we disconnect/fail?
There was a problem hiding this comment.
This isn't clear in the spec if we should disconnect/fail.
There was a problem hiding this comment.
So clarification on the spec: since we are always meant to immediately (ASAP) send tx_signatures after receiving the remote initial commitment signed if we are up first, we do not care if the remote incorrectly sends tx_signatures "first". We must carry on with the protocol (i.e. make sure our tx_signatures gets sent eventually).
There was a problem hiding this comment.
Cool. This should probably ignore any duplicate tx_signatures messages so we don't close the channel if they resend as part of reestablish. I think they may also resend it as part of reestablish even when we're no longer in FundingNegotiated.
dunxen
force-pushed
the
2025-02-interactivesigningstate
branch
2 times, most recently
from
5291edc to
c99182e
Compare
1 similar comment
dunxen
force-pushed
the
2025-02-interactivesigningstate
branch
from
c99182e to
aaaeb22
Compare
1 similar comment
dunxen
force-pushed
the
2025-02-interactivesigningstate
branch
from
aaaeb22 to
206faf0
Compare
lightning/src/ln/channel.rs
Outdated
| update_fail_malformed_htlcs: vec![], | ||
| update_fee: None, | ||
| }) | ||
| self.get_last_commitment_update_for_send(logger).ok() |
There was a problem hiding this comment.
Maybe we should drop this commit for now, and revisit splicing support as a follow-up cc @jkczyz. maybe_get_next_funding_txid will have to look at the pending FundingScopes for splices/RBF, and get_last_commitment_update_for_send now returns a batch of commitment_signeds when this should just send the one for the FundingScope in question.
lightning/src/ln/channel.rs
Outdated
| // if it also sets `next_funding_txid` in its own `channel_reestablish`, but the values don't match: | ||
| if let Some(our_next_funding_txid) = self.maybe_get_next_funding_txid().filter(|txid| txid != &next_funding_txid) { | ||
| // MUST send an `error` and fail the channel. | ||
| return Err(ChannelError::Close((format!( |
There was a problem hiding this comment.
What's the actual requirement? We seem to have two conflicting ones: here we fail if there's a mismatch, but below we send TxAbort instead.
There was a problem hiding this comment.
It's in the current splicing PR. This one is fail and below is tx_abort:
- if it also sets `next_funding_txid` in its own `channel_reestablish`, but the
values don't match:
- MUST send an `error` and fail the channel.
- otherwise:
- MUST send `tx_abort` to let the sending node know that they can forget
this funding transaction.
206faf0 to
d9a8527
Compare
Thanks, will address those. Honestly haven't paid much attention as fuzz had been broken for a while on main I believe. |
Instead of having an explicit `ChannelContext::next_funding_txid` to set and read, we can get this value on the fly when it is appropriate to do so.
This follows the the specification closely in branching without being too verbose, so that it should be easy to follow the logic. See: https://github.com/lightning/bolts/blob/aa5207a/02-peer-protocol.md?plain=1#L2520-L2531
dunxen
force-pushed
the
2025-02-interactivesigningstate
branch
from
d9a8527 to
aec4e43
Compare
|
Hmm... when possible please avoid rebasing unless necessary. Otherwise, it makes it difficult to view new changes related to the PR. If needed, doing two separate pushes would be ideal. |
Locally, it still should work. CI has just been timing out (unfortunately) but will catch actual failures, AFAICT. |
Oh yeah I see this was just related to the new bool in config. |
Sorry, bad habit I do sometimes. I'll keep it in mind again. |
This intoduces the INTERACTIVE_SIGNING, THEIR_TX_SIGNATURES_SENT, and OUR_TX_SIGNATURES_SENT funded state flags. A top-level state flag for INTERACTIVE_SIGNING was avoided so that this work is compatible with splicing as well as V2 channel establishment (dual-funding).
We fully persist `InteractiveTxSigningSession` as it provides the full context of the constructed transaction which is still needed for signing.
When this config field is enabled, the dual_fund feature bit will be set which determines support when receiving `open_channel2` messages.
dunxen
force-pushed
the
2025-02-interactivesigningstate
branch
from
aec4e43 to
4f6192f
Compare
| @@ -5809,7 +5848,6 @@ impl<SP: Deref> FundedChannel<SP> where | |||
| log_info!(logger, "Received initial commitment_signed from peer for channel {}", &self.context.channel_id()); | |||
|
|
|||
| let need_channel_ready = self.check_get_channel_ready(0, logger).is_some(); | |||
| self.context.channel_state = ChannelState::AwaitingChannelReady(AwaitingChannelReadyFlags::new()); | |||
| self.monitor_updating_paused(false, false, need_channel_ready, Vec::new(), Vec::new(), Vec::new()); | |||
There was a problem hiding this comment.
I don't think we need to check for channel ready here because it should be impossible to send splice_locked if tx_signatures has not been exchanged. It does mean we'll have to check it once we receive tx_signatures though.
| where L::Target: Logger | ||
| { | ||
| if !matches!(self.context.channel_state, ChannelState::AwaitingChannelReady(_)) { | ||
| if !matches!(self.context.channel_state, ChannelState::FundingNegotiated(flags) if flags.is_interactive_signing()) { |
There was a problem hiding this comment.
Cool. This should probably ignore any duplicate tx_signatures messages so we don't close the channel if they resend as part of reestablish. I think they may also resend it as part of reestablish even when we're no longer in FundingNegotiated.
This PR includes some deferred follow-ups extracted from #3423 and introduces new state flags to track interactive signing along with persistence of the minimum information needed from a signing session to reconstruct it.
A top-level state flag was avoided so that this work is compatible with splicing as well as V2 channel establishment (dual-funding).