From 465a4cddaf244f9d799a150769094648947f4f96 Mon Sep 17 00:00:00 2001 From: Pierre-Marie Padiou Date: Wed, 20 Sep 2017 14:22:01 +0200 Subject: [PATCH] Only cross-signed htlcs can be fulfilled/failed --- 02-peer-protocol.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/02-peer-protocol.md b/02-peer-protocol.md index dc25e3d..cb6343f 100644 --- a/02-peer-protocol.md +++ b/02-peer-protocol.md @@ -715,8 +715,9 @@ For a unparsable HTLC: A node SHOULD remove an HTLC as soon as it can; in particular, a node SHOULD fail an HTLC which has timed out. -A node MUST NOT send `update_fulfill_htlc` until an HTLC is -irrevocably committed in both sides' commitment transactions. +A node MUST NOT send an `update_fulfill_htlc`, `update_fail_htlc` or +`update_fail_malformed_htlc` until the corresponding HTLC is irrevocably +committed in both sides' commitment transactions. A receiving node MUST check that `id` corresponds to an HTLC in its current commitment transaction, and MUST fail the channel if it does
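Review bot: the tightened sender-side rule in the three added lines has no matching receiver-side rule. The unchanged context right after it still only asks a receiving node to check that `id` corresponds to an HTLC in its current commitment transaction, which does not by itself cover "irrevocably committed in both sides' commitment transactions". Consider stating in the same paragraph what a receiver does on getting an `update_fulfill_htlc`, `update_fail_htlc` or `update_fail_malformed_htlc` for an HTLC that is not yet irrevocably committed, so that both peers enforce the same condition. The preceding "A node SHOULD remove an HTLC as soon as it can" could also be qualified with a pointer to this restriction, since it now applies to failing a timed-out HTLC as well. Finally, the subject line says "cross-signed" while the text says "irrevocably committed"; using one term, or defining it at this point, would avoid ambiguity.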