-
Notifications
You must be signed in to change notification settings - Fork 267
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Send channel_announcement
for splice transactions on public channels
#2968
base: master
Are you sure you want to change the base?
Conversation
defefb4
to
54de064
Compare
channel_announcement
to Commitment
channel_announcement
for splice transactions on public channels
@@ -327,6 +327,14 @@ private[channel] object ChannelCodecs3 { | |||
("claimHtlcDelayedPenaltyTxs" | listOfN(uint16, claimHtlcDelayedOutputPenaltyTxCodec)) :: | |||
("spent" | spentMapCodec)).as[RevokedCommitPublished] | |||
|
|||
private val shortids: Codec[ShortIdAliases] = ( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Important note: for channels encoded with v3 or lower, we don't add any migration code, so it looks like we're losing information about the real short_channel_id
, but that isn't the case: since we set localFundingStatus
to unconfirmed
(in ChannelTypes0.scala
and ChannelTypes3.scala
), we will set a WatchFundingConfirmed
when restarting which lets us obtain details about the funding transaction and correctly set the short_channel_id
.
29abd57
to
29628d5
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've taken a first pass and it looks good so far. I've focused mostly on the channel and router behavior; less on the serialization so far.
During a channel reestablishment it seems like we only resend announcement sigs when no announcement was sent during initial funding, but not during splices.
I also have a few questions and suggestions to add tests for a few incidental bug fixes you made during the refactor that probably don't have associated tests.
We already use a minimum depth of 6 before announcing channels to protect against reorgs. However, we allowed using the channel for payments after only 3 confirmations (for small channels). A reorg of 3 blocks that invalidates the funding transaction would allow our peer to potentially steal funds. It's more consistent to use the same depth for announcing the channel and actually using it. Note that for wumbo channels, we already scaled the number of confirmations based on the size of the channel. For closing transaction, we don't need the same reorg safety, since we keep watching the funding output for any transaction that spends it, and concurrently spend any commitment transaction that we detect. We thus keep a minimum depth of 3 for closing transactions.
We were still using values from before the halving. We update those values and change the scaling factor to a reasonable scaling. This protects channels against attackers with significant mining power.
Now that we wait for at least 6 confirmations before considering a channel confirmed, we can simplify our channel announcement logic. Whenever a channel reaches the confirmed state, it can be announced to the network (if nodes wish to announce it). We thus don't need the "deeply buried" state and the "temporary" scid anymore. The logic is much simpler to follow: when the channel confirms, we internally update the real scid to match the confirmed funding tx and send our `announcement_signatures`. When we receive our peer's `announcement_signatures`, we stash them if the funding tx doesn't have enough confirmations yet, otherwise we announce the channel and create a new `channel_update` that uses the real scid. Whenever we create a `channel_update`, we simply look at whether the channel is announced or not to choose which scid to use. This will make it much simpler to announce splice transactions, which don't need a "deeply buried" state either and will instead simply rely on whether the splice transaction is confirmed or not to generate `announcement_signatures`.
We now support splicing on public channels: once the splice transaction is confirmed and locked on both sides, nodes will exchange announcement signatures that allows them to create a `channel_announcement` that they then broadcast to the network. This requires reworking the data model to include the announcement and the real `short_channel_id` in each commitment, which lets us cleanly distinguish real `short_channel_id`s from aliases (which are set at the channel level regardless of the current commitments). The flow now becomes: - when the funding transaction of a commitment confirms, we set the corresponding real `short_channel_id` in that commitment - if the channel is public and we've received `channel_ready` or `splice_locked`, we send our `announcement_signatures` - if we receive `announcement_signatures` for a commitment for which the funding transaction is unconfirmed, we stash it and replay it when the transaction confirms - if we receive `announcement_signatures` for a confirmed commitment, and we don't have a more recently announced commitment, we generate a `channel_announcement`, store it with the commitment and update our router data When creating a `channel_update` for a public channel, we always use the `short_channel_id` that matches the latest announcement we created. This is very important to guarantee that nodes receiving our updates will not discard them because they cannot match it to a channel. For private channels, we stop allowing usage of the `short_channel_id` for routing: `scid_alias` MUST be used, which ensures that the channel utxo isn't revealed. Note that when migrating to taproot channels, `splice_locked` will be used to transmit nonces for the announcement signatures, which will be compatible with the existing flow (and similarly, `channel_ready` will be used for the initial funding transaction). They are retransmitted on reconnection to ensure that the announcements can be generated.
29628d5
to
1bf54c1
Compare
We now support splicing on public channels: once the splice transaction is confirmed and locked on both sides, nodes will exchange announcement signatures that allows them to create a
channel_announcement
that they then broadcast to the network.This requires reworking the data model to include the announcement and the real
short_channel_id
in each commitment, which lets us cleanly distinguish realshort_channel_id
s from aliases (which are set at the channel level regardless of the current commitments).The flow now becomes:
short_channel_id
in that commitmentchannel_ready
orsplice_locked
, we send ourannouncement_signatures
announcement_signatures
for a commitment for which the funding transaction is unconfirmed, we stash it and replay it when the transaction confirmsannouncement_signatures
for a confirmed commitment, and we don't have a more recently announced commitment, we generate achannel_announcement
, store it with the commitment and update our router dataWhen creating a
channel_update
for a public channel, we always use theshort_channel_id
that matches the latest announcement we created. This is very important to guarantee that nodes receiving our updates will not discard them because they cannot match it to a channel.For private channels, we stop allowing usage of the
short_channel_id
for routing:scid_alias
MUST be used, which ensures that the channel utxo isn't revealed.Note that when migrating to taproot channels,
splice_locked
will be used to transmit nonces for the announcement signatures, which will be compatible with the existing flow (and similarly,channel_ready
will be used for the initial funding transaction). They are retransmitted on reconnection to ensure that the announcements can be generated.NB: builds on top of #2969