We now have current-local-tx broadcast ability in channel monitors
directly (for ChannelManager deserialization), so we can just use
that instead of always having the Channel store signed ready-to-go
copies of the latest local commitment transaction.
This is further kinda nice since ChannelMonitor is live and can, eg
broadcast HTLC-Success transactions immediately as they will be
generated at broadcast time instead of in advance.
Finally, this lets us clean up a tiny bit in Channel.
This adds a new fn to ChannelKeys which is called when we generte
a new remote commitment transaction for signing. While it may be
theoretically possible to unwind state updates by disconnecting and
reconnecting as well as making appropriate state machine changes,
the effort required to get it correct likely outweighs the UX cost
of "preflighting" the requests to hardwre wallets.
Instead of having in-memory access to the list of private keys
associated with a channel, we should have a generic API which
allows us to request signing, allowing the user to store private
keys any way they like.
The first step is the (rather mechanical) process of templating
the entire tree of ChannelManager -> Channel impls by the
key-providing type. In a later commit we should expose only public
keys where possible.
Extend test visibility of claim-tracking maps to do so.
Cover both "If 2 claimable-outpoint-spending txn are in 1 block,
clean up properly" and "Clean up claimable_outpoints when
pending_claim_requests is cleaned" fix commits in same patchset.
When claimable_outpoints was introduced in "Move
our_claim_txn_waiting_first_conf to pending_claim_requests", removal
of elements from it (which are just pointers into
pending_claim_requests) was never added.
This resolves an issue where we will never track 2 on-chain events
which are waiting for ANTI_REORG_DELAY at the same height.
This partially reverts and fixes "Move our_claim_txn_waiting_first_conf
to pending_claim_requests".
This resolves a regression introduced in "Implement bumping engine in
ChannelMonitor::block_connected" in which not all inputs are checked.
Several opportunities to clarify and clean up comments are also taken.
Fix test_bump_penalty_txn_on_revoked_htlcs as now remote claim txn
build the same way than us are going to be register as cleaning
pending_claim_request after ANTI_REORG_DELAY. It means during this
delay we are going to generate invalid bumped claiming txn on
already claimed outpoints. Previously these txn weren't issued
because all their outpoints would have been removed.
Fix full_stack_target by adding more input for FuzzEstimator
A pending claim request may contain a set of multiple outpoints.
If one or multiple of them get claimed by remote party, our in-flight
claiming transactions aren't valid anymore so we need to react
quickly and regenerate claiming transaction with accurate set.
However, a claimed outpoint may be disconnected and we need to resurrect
back outpoint among set of orignal pending claim request.
To guarantee consistency of contentious claimed outpoint we cache it
as OnchainEvent::ContentionsOutpoint and only delete it after
ANTI_REORG_DELAY.
Fix test broken by change, partial claiming on revoked txn
force us to regenerate txn
Given they are only signed by us we can RBF at wish
Fix tests broken by introduction of more txn broadcast
(channel_monitor_network_test)
Add locktime in RemoteHTLC as it's needed to generate
timeout txn.
Add RBF-bumping of justice txn, given they are only signed by us we
can RBF at wish.
Aggregation of bump-candidates and more aggresive bumping heuristics
are left open
Fix tests broken by introduction of more txn broadcast.
Some tests may have a relaxed check (claim_htlc_ouputs_single_tx)
as broadcast bumped txn are now interwining in previous broadcast ones
and breaking simple expectations
Use bumping engine to rebuild claiming transaction in case of partial-
claim of its outpoints set.
As local onchain txn are already monitored in block_connected by
check_spend_local_transaction, it's useless to generate twice
pending claims for HTLC outputs on local commitment tx.
We could do the alternative.
Add claimable_outpoints maps.
Both structures are tied and should ensure their mutual consistency.
Pending_claim_requests is cached by original claim txid. Medatada
and per input material should be constant between bumped transactions,
only change should be partial-claiming of outpoints set and block
reorgs.
Due to RBF rules, if an input has been part of an aggregate tx
at first claim try, if we want the bumped tx to land nicely
in the mempool, inputs should be distributed in multiple
bumped tx but still be aggregate in a new bumped tx.
