mirror of https://github.com/ACINQ/eclair.git synced 2024-11-20 02:27:32 +01:00

Increase fulfill safety window (#1466)

Increase fulfill safety window
Improve comments and explanations in various places.
Bastien Teinturier 2020-06-22 11:07:55 +02:00 committed by GitHub
parent e07a8ecff2
commit d5ec6a56e8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 10 additions and 6 deletions


@ -67,11 +67,13 @@ eclair {
max-to-local-delay-blocks = 2016 // maximum number of blocks that we are ready to accept for our own delayed outputs (2016 ~ 2 weeks)
mindepth-blocks = 3
expiry-delta-blocks = 144
// When we receive the pre-image for an HTLC and want to fulfill it but the upstream peer stops responding, we want to
// When we receive the preimage for an HTLC and want to fulfill it but the upstream peer stops responding, we want to
// avoid letting its HTLC-timeout transaction become enforceable on-chain (otherwise there is a race condition between
// our HTLC-success and their HTLC-timeout).
// We will close the channel when the HTLC-timeout will happen in less than this number.
fulfill-safety-before-timeout-blocks = 6
// NB: this number effectively reduces the expiry-delta-blocks, so you may want to take that into account and increase
// expiry-delta-blocks.
fulfill-safety-before-timeout-blocks = 24
fee-base-msat = 1000
fee-proportional-millionths = 100 // fee charged per transferred satoshi in millionths of a satoshi (100 = 0.01%)
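Review bot: The new NB comment above `fulfill-safety-before-timeout-blocks = 24` says the value reduces `expiry-delta-blocks` but does not state the bound that is actually enforced. The NodeParams change in this same commit rejects any configuration where twice this value is not smaller than `expiry-delta-blocks`, so an operator who raises the window or lowers the delta only learns of the limit when validation fails. I would extend the comment with `// It must be smaller than expiry-delta-blocks / 2, otherwise configuration validation fails.` The defaults shown here (24 and 144) satisfy the bound.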


@ -55,6 +55,7 @@ case class CltvExpiryDelta(private val underlying: Int) extends Ordered[CltvExpi
def +(other: Int): CltvExpiryDelta = CltvExpiryDelta(underlying + other)
def +(other: CltvExpiryDelta): CltvExpiryDelta = CltvExpiryDelta(underlying + other.underlying)
def -(other: CltvExpiryDelta): CltvExpiryDelta = CltvExpiryDelta(underlying - other.underlying)
def *(m: Int): CltvExpiryDelta = CltvExpiryDelta(underlying * m)
def compare(other: CltvExpiryDelta): Int = underlying.compareTo(other.underlying)
def toInt: Int = underlying
// @formatter:on
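Review bot: The added `def *(m: Int)` multiplies the underlying `Int` with plain `*`, so a large operand wraps around silently instead of failing. The only caller visible on this page is the NodeParams check `fulfillSafetyBeforeTimeoutBlocks * 2 < expiryDeltaBlocks`, where a wrapped, negative product would let an oversized configured value pass validation. `def *(m: Int): CltvExpiryDelta = CltvExpiryDelta(Math.multiplyExact(underlying, m))` turns that case into an `ArithmeticException`. The neighbouring `+` and `-` wrap in the same way and could be treated alike. The class body starts and ends outside this hunk.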


@ -179,7 +179,7 @@ object NodeParams {
val expiryDeltaBlocks = CltvExpiryDelta(config.getInt("expiry-delta-blocks"))
val fulfillSafetyBeforeTimeoutBlocks = CltvExpiryDelta(config.getInt("fulfill-safety-before-timeout-blocks"))
require(fulfillSafetyBeforeTimeoutBlocks < expiryDeltaBlocks, "fulfill-safety-before-timeout-blocks must be smaller than expiry-delta-blocks")
require(fulfillSafetyBeforeTimeoutBlocks * 2 < expiryDeltaBlocks, "fulfill-safety-before-timeout-blocks must be smaller than expiry-delta-blocks / 2 because it effectively reduces that delta; if you want to increase this value, you may want to increase expiry-delta-blocks as well")
val nodeAlias = config.getString("node-alias")
require(nodeAlias.getBytes("UTF-8").length <= 32, "invalid alias, too long (max allowed 32 bytes)")
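Review bot: The new `require(fulfillSafetyBeforeTimeoutBlocks * 2 < expiryDeltaBlocks, …)` bounds the safety window only from above; zero or a negative `fulfill-safety-before-timeout-blocks` still satisfies it, and no lower-bound check is visible in this hunk. Since this value decides how early the channel is closed before an upstream HTLC-timeout becomes enforceable, a non-positive value would presumably remove the margin this commit is trying to enlarge. I would add `require(fulfillSafetyBeforeTimeoutBlocks > CltvExpiryDelta(0), "fulfill-safety-before-timeout-blocks must be positive")` next to it. The enclosing method in `object NodeParams` begins and ends outside the hunk.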


@ -1931,7 +1931,8 @@ class Channel(val nodeParams: NodeParams, val wallet: EclairWallet, remoteNodeId
// Downstream timed out.
handleLocalError(HtlcsTimedoutDownstream(d.channelId, timedOutOutgoing), d, Some(c))
} else if (almostTimedOutIncoming.nonEmpty) {
// Upstream is close to timing out.
// Upstream is close to timing out, we need to test if we have funds at risk: htlcs for which we know the preimage
// that are still in our commitment (upstream will try to timeout on-chain).
val relayedFulfills = d.commitments.localChanges.all.collect { case u: UpdateFulfillHtlc => u.id }.toSet
val offendingRelayedHtlcs = almostTimedOutIncoming.filter(htlc => relayedFulfills.contains(htlc.id))
if (offendingRelayedHtlcs.nonEmpty) {


@ -77,8 +77,8 @@ case class Commitments(channelVersion: ChannelVersion,
}
/**
* HTLCs that are close to timing out upstream are potentially dangerous. If we received the pre-image for those
* HTLCs, we need to get a remote signed updated commitment that removes this HTLC.
* HTLCs that are close to timing out upstream are potentially dangerous. If we received the preimage for those HTLCs,
* we need to get a remote signed updated commitment that removes those HTLCs.
* Otherwise when we get close to the upstream timeout, we risk an on-chain race condition between their HTLC timeout
* and our HTLC success in case of a force-close.
*/