diff --git a/plugins/spender/multifundchannel.c b/plugins/spender/multifundchannel.c
index 68f407dda..3ce71b8bd 100644
--- a/plugins/spender/multifundchannel.c
+++ b/plugins/spender/multifundchannel.c
@@ -122,6 +122,7 @@ has_commitments_secured(const struct multifundchannel_destination *dest)
 return false;
 case MULTIFUNDCHANNEL_COMPLETED:
 case MULTIFUNDCHANNEL_SECURED:
+ case MULTIFUNDCHANNEL_SIGNED_NOT_SECURED:
 case MULTIFUNDCHANNEL_SIGNED:
 case MULTIFUNDCHANNEL_DONE:
 return true;
@@ -311,6 +312,7 @@ mfc_cleanup_(struct multifundchannel_command *mfc,
 continue;
 case MULTIFUNDCHANNEL_SECURED:
 case MULTIFUNDCHANNEL_SIGNED:
+ case MULTIFUNDCHANNEL_SIGNED_NOT_SECURED:
 /* We don't actually *send* the
 * transaction until here,
 * but peer isnt going to forget. This
diff --git a/plugins/spender/multifundchannel.h b/plugins/spender/multifundchannel.h
index cc67857bf..1519ccfa1 100644
--- a/plugins/spender/multifundchannel.h
+++ b/plugins/spender/multifundchannel.h
@@ -38,6 +38,8 @@ enum multifundchannel_state {
 MULTIFUNDCHANNEL_SECURED,
 /* We've recieved the peer sigs for this destination */
 MULTIFUNDCHANNEL_SIGNED,
+ /* We've gotten their sigs, but still waiting for their commit sigs */
+ MULTIFUNDCHANNEL_SIGNED_NOT_SECURED,
 /* The transaction might now be broadcasted. */
 MULTIFUNDCHANNEL_DONE,
diff --git a/plugins/spender/openchannel.c b/plugins/spender/openchannel.c
index 710044d2c..61a4bb5a4 100644
--- a/plugins/spender/openchannel.c
+++ b/plugins/spender/openchannel.c
@@ -564,8 +564,6 @@ static void json_peer_sigs(struct command *cmd,
 dest->mfc->id,
 tal_hexstr(tmpctx, &cid, sizeof(cid)));
- assert(dest->state == MULTIFUNDCHANNEL_SECURED);
-
 /* Combine with the parent. Unknown map dupes are ignored,
 * so the updated serial_id should persist on the parent */
 tal_wally_start();
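Review bot: `has_commitments_secured()` now returns true for `MULTIFUNDCHANNEL_SIGNED_NOT_SECURED`, a state that the header change in this same commit describes as "still waiting for their commit sigs", so the predicate's name and its result disagree for this case. If the intent is that the peer's signatures can only arrive once commitments have been exchanged and only the plugin's own update reply is late, the new case needs a comment saying so, for example `/* Peer sigs arrived before our update reply; treated as secured for cleanup purposes. */`. The callers of this function are outside the hunk, so any caller that takes a true result as permission to move towards broadcast should be checked against the new state. The matching case added to the switch in `mfc_cleanup_` in the next hunk depends on the same reasoning.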
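Review bot: The new enumerator is placed after `MULTIFUNDCHANNEL_SIGNED` and before `MULTIFUNDCHANNEL_DONE`, so it compares greater than `SIGNED` although it stands for a less advanced point in the handshake. The comment in `openchannel_update_ok` speaks of a "more senior state position", which suggests that ordering may matter somewhere. No ordinal comparison is visible in this diff, but any `<` or `>=` test on `dest->state` elsewhere would misclassify this state. A line such as `/* Not ordered relative to SIGNED: never compare states with < or >. */` next to the new value, or moving it ahead of `MULTIFUNDCHANNEL_SECURED`, would make the intent explicit.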
@@ -579,7 +577,19 @@ static void json_peer_sigs(struct command *cmd,
 dest->mfc->psbt));
 tal_wally_end(dest->mfc->psbt);
- dest->state = MULTIFUNDCHANNEL_SIGNED;
+
+ /* Bit of a race is possible here. If we're still waiting for
+ * their commitment sigs to come back, we'll be in
+ * "UPDATED" still. We check that SIGNED is hit before
+ * we mark ourselves as ready to send the sigs, so it's ok
+ * to relax this check */
+ if (dest->state == MULTIFUNDCHANNEL_UPDATED)
+ dest->state = MULTIFUNDCHANNEL_SIGNED_NOT_SECURED;
+ else {
+ assert(dest->state == MULTIFUNDCHANNEL_SECURED);
+ dest->state = MULTIFUNDCHANNEL_SIGNED;
+ }
+
 check_sigs_ready(dest->mfc);
 }
@@ -727,8 +737,12 @@ openchannel_update_ok(struct command *cmd,
 /* It's possible they beat us to the SIGNED flag,
 * in which case we just let that be the more senior
 * state position */
- if (dest->state != MULTIFUNDCHANNEL_SIGNED)
+ if (dest->state == MULTIFUNDCHANNEL_SIGNED_NOT_SECURED)
+ dest->state = MULTIFUNDCHANNEL_SIGNED;
+ else {
+ assert(dest->state == MULTIFUNDCHANNEL_UPDATED);
+ dest->state = MULTIFUNDCHANNEL_SECURED;
+ }
 } else
 dest->state = MULTIFUNDCHANNEL_UPDATED;
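Review bot: In `json_peer_sigs` the state is now validated only after the peer's signatures have been merged into `dest->mfc->psbt`, and the `else` branch is guarded by nothing but an `assert`. The assertion removed in the earlier hunk ran before `tal_wally_start()`. A notification arriving in any state other than `UPDATED` or `SECURED` has therefore already changed the shared PSBT before it is rejected. If the build defines `NDEBUG`, it is not rejected at all and the destination is marked `SIGNED`. The state test belongs ahead of the merge, with an unexpected state handled as an explicit failure of this destination instead of an abort of the whole plugin. The new comment also relies on `check_sigs_ready` treating `MULTIFUNDCHANNEL_SIGNED_NOT_SECURED` as not ready; its body is not part of this diff, and the function itself begins outside the hunk.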
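Review bot: The trailing `else dest->state = MULTIFUNDCHANNEL_UPDATED;` still overwrites the state unconditionally, so a destination already in `MULTIFUNDCHANNEL_SIGNED_NOT_SECURED` would be reset to `UPDATED`, losing the record that the peer's signatures were merged. Whether that path is reachable depends on the condition of the enclosing `if`, which starts outside the hunk. If it is reachable, a later secured update would land on `SECURED` instead of `SIGNED`. A guard such as `} else if (dest->state != MULTIFUNDCHANNEL_SIGNED_NOT_SECURED)` would preserve the state. The comment above the new branch still refers to the "SIGNED flag" and should name `SIGNED_NOT_SECURED`, since that is the state now tested.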