Skip to content

Revert attribution of failures #3817

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Revert attribution of failures #3817

wants to merge 2 commits into from

Conversation

joostjager
Copy link
Contributor

Until a sufficient number of nodes on the network has upgraded, it is not possible to use attribution data to assign blame. Otherwise nodes that have not upgraded yet would already receive penalties.

Pointed out by @GeorgeTsagk

@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Jun 2, 2025
edited
Loading

👋 Thanks for assigning @TheBlueMatt as a reviewer!
I'll wait for their review and will help manage the review process.
Once they submit their review, I'll check if a second reviewer would be helpful.

@joostjager joostjager force-pushed the attr-failure-decode-fix branch from 9d082a4 to a75adb3 Compare June 2, 2025 11:20
@joostjager joostjager requested a review from carlaKC June 2, 2025 11:20
@joostjager joostjager marked this pull request as ready for review June 2, 2025 11:22
@joostjager joostjager force-pushed the attr-failure-decode-fix branch from a75adb3 to 914ec1a Compare June 2, 2025 12:36
TheBlueMatt
TheBlueMatt reviewed Jun 2, 2025
View reviewed changes
Copy link
Collaborator

@TheBlueMatt TheBlueMatt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Presumably this could use a test for attribution on a path where one node clears the attribution data?

@joostjager
Refactor attribution data mutation test
74e6b57 
Prepares for a DropAttributionData mutation.
@joostjager joostjager force-pushed the attr-failure-decode-fix branch from 914ec1a to 7c7f7bc Compare June 3, 2025 11:31
@joostjager joostjager force-pushed the attr-failure-decode-fix branch from 7c7f7bc to 567ac64 Compare June 3, 2025 11:32
@joostjager
Copy link
Contributor Author

Added coverage for dropping attribution data.

@joostjager joostjager requested a review from TheBlueMatt June 3, 2025 11:41
@TheBlueMatt TheBlueMatt added this to the 0.2 milestone Jun 3, 2025
@ldk-reviews-bot
Copy link

🔔 1st Reminder

Hey @TheBlueMatt @carlaKC! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

carlaKC
carlaKC reviewed Jun 4, 2025
View reviewed changes
lightning/src/ln/onion_utils.rs
// Only check attribution when an attribution data failure has not yet occurred.
if attribution_failed_channel.is_none() {
// Check attr error HMACs if present.
if let Some(ref mut attribution_data) = encrypted_packet.attribution_data {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pre-existing, but don't we need to check whether the node supports attributable failures here?

As-is we would:

  • Set attribution_failed_channel for a node that doesn't support attributable failures
  • Not set attribution_failed_channel for a node that does support attributable failures but didn't include them

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code is currently written as if there is universal support for it, but then - and this is what this PR changes - we don't act on it (yet).

Not set attribution_failed_channel for a node that does support attributable failures but didn't include them

I think we do now, because when we don't receive attribution_data from the first hop, we blame that hop?

I am not completely sure how to weave the feature bit into this when we have this deployed. If by that time the large majority supports it, maybe the logic as is is fine? If the original failure field is readable, we don't even need to look at attribution_data because the failure is already attributable. So we'd still only make a decision for that random data vulnerability that currently doesn't seem to be exploited.

But interested to hear how you see this.

@joostjager joostjager requested a review from carlaKC June 5, 2025 06:21
@ldk-reviews-bot
Copy link

🔔 1st Reminder

Hey @TheBlueMatt @carlaKC! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

@joostjager joostjager added the weekly goal Someone wants to land this this week label Jun 6, 2025
@joostjager joostjager requested review from TheBlueMatt and removed request for TheBlueMatt June 6, 2025 08:40
@ldk-reviews-bot
Copy link

🔔 1st Reminder

Hey @carlaKC! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TheBlueMatt TheBlueMatt TheBlueMatt approved these changes

@carlaKC carlaKC Awaiting requested review from carlaKC

Assignees
No one assigned
Labels
weekly goal Someone wants to land this this week
Projects
None yet
Milestone
0.2
Development

Successfully merging this pull request may close these issues.
4 participants
@joostjager @ldk-reviews-bot @TheBlueMatt @carlaKC