Introduce FundingTransactionReadyForSignatures event
#3889
Conversation
|
👋 Thanks for assigning @wpaulino as a reviewer! |
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
from
165d59d to
8ca6d79
Compare
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #3889 +/- ##
==========================================
- Coverage 89.01% 88.88% -0.14%
==========================================
Files 174 174
Lines 124395 125030 +635
Branches 124395 125030 +635
==========================================
+ Hits 110730 111132 +402
- Misses 11187 11396 +209
- Partials 2478 2502 +24
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
1 similar comment
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
from
890633d to
a1de384
Compare
|
🔔 2nd Reminder Hey @wpaulino! This PR has been waiting for your review. |
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
2 times, most recently
from
7df5779 to
c8f981c
Compare
|
🔔 3rd Reminder Hey @wpaulino! This PR has been waiting for your review. |
Yeah, they got lost on a rebase and somehow lost the commit. Rebased to get the one CI fix in. Fixing. |
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
2 times, most recently
from
c15f426 to
ff1489d
Compare
|
🔔 4th Reminder Hey @wpaulino! This PR has been waiting for your review. |
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
from
ff1489d to
0a586e6
Compare
|
🔔 5th Reminder Hey @wpaulino! This PR has been waiting for your review. |
|
🔔 6th Reminder Hey @wpaulino! This PR has been waiting for your review. |
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
2 times, most recently
from
a9e1a3a to
83e78d6
Compare
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
from
fdf8e21 to
1fe02a7
Compare
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
2 times, most recently
from
fa4b4b1 to
60e8c7d
Compare
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
from
60e8c7d to
91ce15f
Compare
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
from
91ce15f to
04e66f1
Compare
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
2 times, most recently
from
381a990 to
abba0a7
Compare
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
from
abba0a7 to
c91e213
Compare
|
🔔 1st Reminder Hey @jkczyz! This PR has been waiting for your review. |
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
from
c91e213 to
882c313
Compare
| self.funding.funding_transaction = funding_tx_opt.clone(); | ||
| self.context.channel_state = | ||
| ChannelState::AwaitingChannelReady(AwaitingChannelReadyFlags::new()); |
There was a problem hiding this comment.
Could you add a TODO(splicing) to use the pending FundingScope and set the channel_state back to ChannelReady?
There was a problem hiding this comment.
I'm going to fix it in the new few days anyway so I wouldn't bother
| } | ||
|
|
||
| if funding_tx_opt.is_some() { | ||
| self.funding.funding_transaction = funding_tx_opt.clone(); |
There was a problem hiding this comment.
We don't need to clone, we can consume it here and return a reference back
There was a problem hiding this comment.
If we return the shared reference Option<&Transaction> from FundedChannel's funding.funding_transaction back then we'll have it exist at the same time as the exclusive reference &mut FundedChannel at the call site which isn't legal.
Since we'd have:
match channel.funding_transaction_signed(vec![]) {
Ok((Some(tx_signatures), funding_tx_opt)) => {
if let Some(funding_tx) = funding_tx_opt {
// funding_tx is &Transaction from FundedChannel and channel is &mut FundedChannel
self.broadcast_interactive_funding(channel, funding_tx);
}
pending_msg_events.push(MessageSendEvent::SendTxSignatures {
node_id: counterparty_node_id,
msg: tx_signatures,
});
},
...
}| self.funding.funding_transaction = funding_tx_opt.clone(); | ||
| self.context.channel_state = | ||
| ChannelState::AwaitingChannelReady(AwaitingChannelReadyFlags::new()); |
There was a problem hiding this comment.
I'm going to fix it in the new few days anyway so I wouldn't bother
| } | ||
|
|
||
| if funding_tx_opt.is_some() { | ||
| self.funding.funding_transaction = funding_tx_opt.clone(); |
There was a problem hiding this comment.
If we return the shared reference Option<&Transaction> from FundedChannel's funding.funding_transaction back then we'll have it exist at the same time as the exclusive reference &mut FundedChannel at the call site which isn't legal.
Since we'd have:
match channel.funding_transaction_signed(vec![]) {
Ok((Some(tx_signatures), funding_tx_opt)) => {
if let Some(funding_tx) = funding_tx_opt {
// funding_tx is &Transaction from FundedChannel and channel is &mut FundedChannel
self.broadcast_interactive_funding(channel, funding_tx);
}
pending_msg_events.push(MessageSendEvent::SendTxSignatures {
node_id: counterparty_node_id,
msg: tx_signatures,
});
},
...
}
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
from
882c313 to
59c763e
Compare
The `FundingTransactionReadyForSignatures` event requests witnesses from the client for their contributed inputs to an interactively constructed transaction. The client calls `ChannelManager::funding_transaction_signed` to provide the witnesses to LDK. The `handle_channel_resumption` method handles resumption from both a channel re-establish and a monitor update. When the corresponding monitor update for the commitment_signed message completes, we will push the event here. We can thus only ever provide holder signatures after a monitor update has completed. We can also get rid of the reestablish code involved with `monitor_pending_tx_signatures` and remove that field too.
…hecks In a following commit, We'll use the contained scriptPubKeys to validate P2WPKH and P2TR key path spends and to assist in checking that signatures in provided holder witnesses use SIGHASH_ALL to prevent funds being frozen or held ransom.
LDK checks the following: * Each input spends an output that is one of P2WPKH, P2WSH, or P2TR. These were already checked by LDK when the inputs to be contributed were provided. * All signatures use the `SIGHASH_ALL` sighash type. * P2WPKH and P2TR key path spends are valid (verifies signatures) NOTE: * When checking P2WSH spends, LDK tries to decode 70-72 byte witness elements as ECDSA signatures with a sighash flag. If the internal DER-decoding fails, then LDK just assumes it wasn't a signature and carries with checks. If the element can be decoded as an ECDSA signature, the the sighash flag must be `SIGHASH_ALL`. * When checking P2TR script-path spends, LDK assumes all elements of exactly 65 bytes with the last byte matching any valid sighash flag byte are schnorr signatures and checks that the sighash type is `SIGHASH_ALL`. If the last byte is not any valid sighash flag, the element is assumed not to be a signature and is ignored. Elements of 64 bytes are not checked because if they were schnorr signatures then they would implicitly be `SIGHASH_DEFAULT` which is an alias of `SIGHASH_ALL`.
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
from
59c763e to
9cd4091
Compare
|
Rebased to get #3997 in and CI passing |
| @@ -516,6 +537,161 @@ impl InteractiveTxSigningSession { | |||
| output: outputs.iter().cloned().map(|output| output.into_tx_out()).collect(), | |||
| } | |||
| } | |||
|
|
|||
| pub fn verify_interactive_tx_signatures( | |||
There was a problem hiding this comment.
nit: no longer needs to be pub.
Cherry-picked from #3735 as it is relevant to splicing and will unblock testing after #3736 lands.
The
FundingTransactionReadyForSignaturesevent requests witnesses from the client for their contributed inputs to an interactively constructed transaction.The client calls
ChannelManager::funding_transaction_signedto provide the witnesses to LDK.