Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement flag to require confirmations for v2 opens #5900

Merged
merged 11 commits into from
Feb 8, 2023
Merged

Implement flag to require confirmations for v2 opens #5900

merged 11 commits into from
Feb 8, 2023

Conversation

niftynei
Copy link
Collaborator

@niftynei niftynei commented Jan 14, 2023
edited
Loading

Requested-By: @t-bast

Respect and enable users to send a flag that requests the peer only use confirmed inputs for any v2 open request. Persists through to RBFs for the same channel as well.

Built on #5767, new commits begin at 1e09bdd

@niftynei niftynei force-pushed the nifty/impl-require-confirms branch 3 times, most recently from f341789 to b4b3eea Compare February 2, 2023 22:22
@niftynei niftynei mentioned this pull request Feb 3, 2023
Merged
@endothermicdev endothermicdev added this to the v23.02 milestone Feb 5, 2023
@rustyrussell
Copy link
Contributor

Rebased now prereq is merged, for review.

@rustyrussell
Copy link
Contributor

Trivial rebase now prereq is merged.

rustyrussell
rustyrussell approved these changes Feb 5, 2023
View reviewed changes
Copy link
Contributor

@rustyrussell rustyrussell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a pile of nits.

It's always a pleasure to review the code of a master!

wire/peer_wire.csv Outdated Show resolved Hide resolved
common/tx_roles.c Outdated Show resolved Hide resolved
lightningd/dual_open_control.c
Comment on lines +2953 to +3011
channel_internal_error(dualopend->channel,
"Bad DUALOPEND_VALIDATE_INPUTS: %s",
tal_hex(msg, msg));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

return after this (I know, shouldn't happen, but still...)

lightningd/dual_open_control.c Outdated
Comment on lines 2657 to 2662
static void openchannel_invalid_psbt(struct psbt_validator *pv, char *err_msg)
{
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

const char *err_msg

openingd/dualopend.c Outdated
Comment on lines 3244 to 3246
if (state->require_confirmed_inputs[REMOTE] &&
!validate_inputs(state, tx_state, state->our_role))
return;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks a bit weird, right? Maybe get validate_inputs() to return NULL or errmsg, and then do the open_abort() here if return is non-NULL? Fits the pattern in the rest, and seems more explicit?

@niftynei
v2 open: if flagged, check that all our inputs are confirmed
d44d272 
not amazing, since we'll probably call openchannel_update multiple
times per open, but this is the simplest way to confirm that we're
not sending unconfirmed outputs to peer.
@niftynei
tx_roles: allow to be serialized btw processes
cce1715 
We're going to use this in a bit to pass role type btw
dualopend/lightningd
@niftynei
df: persist channel open preference to database
9202d62 
technically we don't need this info after the channel opens, but for any
subsequent RBF (and maybe splice?) we need to remember what the
open/accept peer signaled
@niftynei
df: wire up peer's "require-confirmed-inputs"
a7ba19f 
We push this info out to the various RPCs/hooks.
@niftynei
df: push back psbt to validate iff peer requests confirmed inputs
16d7253 
`openchannel_init` takes a psbt, which we pipe over to dualopend
process.

If the peer requests that they'll only accept confirmed inputs, we need
to go validate those before we continue.

This wires up the harness for this (validation check yet tc)
@niftynei
df: for dryruns, inform on requires-confirmation value
560bd3b
@niftynei
df: reuse psbt validation for the psbts incoming from dualopend
bb1bf8f 
Add callback methods to extant psbt validator, and expand usage to
include the handling psbt validation requests from dualopend.
@niftynei
df: add new config option for v2 opens --require_confirmed_inputs
11397c9 
If set, require peers to only provide confirmed inputs for any v2 open
(both in accepter + opener role)
@niftynei
dualopend: if required, validate inputs rcvd from peer
5b6f618 
Pass in the "validate inputs confirmed" flag from lightningd; use flag
to determine whether or not to validate the inputs we've recieved from
peer.
@niftynei
df: persist our setting to disk, read back to dualopend at reinit
444559d 
It's not likely but possible that the node's settings will shift btw a
start and an RBF; we persist the setting to the database so we don't
lose it.

Right now holding onto it forever is kind of extra but maybe we'll
reuse the setting for splices? idk.

Should this be a channel type??
@niftynei
test (df): check 'require-confirmed-inputs' for v2 opens
8a00ce7
@rustyrussell
Copy link
Contributor

Ack 8a00ce7

@endothermicdev endothermicdev merged commit 3586559 into ElementsProject:master Feb 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rustyrussell rustyrussell rustyrussell approved these changes

@cdecker cdecker Awaiting requested review from cdecker

Assignees
No one assigned
Labels
dualfunding spec
Projects
None yet
Milestone
v23.02
Development

Successfully merging this pull request may close these issues.
3 participants
@niftynei @rustyrussell @endothermicdev