mirror of
https://github.com/ACINQ/eclair.git
synced 2024-11-20 02:27:32 +01:00
6e0d087c5f
There are two different expiry checks: (a) relative checks: when relaying an htlc, we need to be sure that the difference of expiries between the outgoing htlc and the incoming htlc is equal to the `cltv_expiry_delta` that we advertise in the `channel_update` for the outgoing channel; (b) absolute checks: we need to make sure that those values are not too early or too far compared to the current "blockchain time". The check for (a) needs to be done in the `Relayer`, which is the case currently. This means that we will check the expiry delta *after* having signed the incoming htlc, and we will fail the htlc (not the channel) if the delta is incorrect. The check for (b) was done in the `Commitments.receiveAdd` method. This seems to make sense, because we would want to make sure as early as possible that an incoming htlc has correct expiries, but it is actually incorrect: the spec tells us to accept (=cross-sign) the htlc, and only then to fail it before relaying it to the next node. Indeed there is no risk in accepting an htlc that has an expiry in the past, or an expiry very far in the future, because this only affects the counterparty's balance. We just don't want to sign that kind of outgoing htlcs. Moving the check to the `sendAdd` will result in an error being return to the relayer, which will then fail the corresponding incoming htlc. |
||
|---|---|---|
| .. | ||
| src | ||
| eclair-cli | ||
| pom.xml | ||