bolt2: disallow sending multiple shutdown msg

This is a second proposal different from lightning#976 where it is not allowed to send multiple shutdown messages from the receiver viewpoint. The rationale for this is to avoid bad cases like the following one that is permitted by the spec ``` ____________________________________________ | sender -> shutdown(script_one) -> receiver | | sender -> shutdown(script_two) -> receiver | | sender <- shutdown(script_one) <- receiver | -------------------------------------------- ``` Signed-off-by: Vincenzo Palazzo <vincenzopalazzodev@gmail.com>
vincenzopalazzo · Apr 11, 2022 · acb4646 · acb4646
1 parent e60d594
commit acb4646
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/02-peer-protocol.md b/02-peer-protocol.md
@@ -544,6 +544,7 @@ A sending node:
   - MAY send a `shutdown` before a `funding_locked`, i.e. before the funding transaction has reached `minimum_depth`.
   - if there are updates pending on the receiving node's commitment transaction:
     - MUST NOT send a `shutdown`.
+  - MIST not send multiple `shutdown` message.
   - MUST NOT send an `update_add_htlc` after a `shutdown`.
   - if no HTLCs remain in either commitment transaction:
     - MUST NOT send any `update` message after a `shutdown`.
@@ -559,6 +560,8 @@ A sending node:
         (witness program versions 1 through 16)
 
 A receiving node:
+  - if it have received multiple `shutdown`:
+    - should ignore the others after the first one.
   - if it hasn't received a `funding_signed` (if it is a funder) or a `funding_created` (if it is a fundee):
     - SHOULD send an `error` and fail the channel.
   - if the `scriptpubkey` is not in one of the above forms: