Rework channel announcement signatures handling #2969
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
t-bast
force-pushed
the
refactor-funding-deeply-buried
branch
from
91c5dd1 to
825ca9b
Compare
|
Codecov ReportAll modified and coverable lines are covered by tests ✅
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files@@ Coverage Diff @@
## master #2969 +/- ##
==========================================
- Coverage 86.19% 86.03% -0.16%
==========================================
Files 224 227 +3
Lines 20074 20334 +260
Branches 813 847 +34
==========================================
+ Hits 17302 17495 +193
- Misses 2772 2839 +67
|
t-bast
force-pushed
the
refactor-funding-deeply-buried
branch
from
7817752 to
bd49841
Compare
t-bast
changed the title
t-bast
force-pushed
the
refactor-funding-deeply-buried
branch
from
bd49841 to
8c4f001
Compare
remyers
requested changes
Jan 7, 2025
There was a problem hiding this comment.
Looks like a nice simplification for annoucement signatures. I only have a few nits and suggestions so far. I've reviewed it all line by line but will spend some time tomorrow to go back through and review the tests again in more detail to see if I can find anything that might be missing.
eclair-core/src/test/scala/fr/acinq/eclair/channel/states/e/NormalStateSpec.scala
Outdated
Show resolved
Hide resolved
eclair-core/src/test/scala/fr/acinq/eclair/channel/states/ChannelStateTestsHelperMethods.scala
Outdated
Show resolved
Hide resolved
We already use a minimum depth of 6 before announcing channels to protect against reorgs. However, we allowed using the channel for payments after only 3 confirmations (for small channels). A reorg of 3 blocks that invalidates the funding transaction would allow our peer to potentially steal funds. It's more consistent to use the same depth for announcing the channel and actually using it. Note that for wumbo channels, we already scaled the number of confirmations based on the size of the channel. For closing transaction, we don't need the same reorg safety, since we keep watching the funding output for any transaction that spends it, and concurrently spend any commitment transaction that we detect. We thus keep a minimum depth of 3 for closing transactions.
We were still using values from before the halving. We update those values and change the scaling factor to a reasonable scaling. This protects channels against attackers with significant mining power.
Now that we wait for at least 6 confirmations before considering a channel confirmed, we can simplify our channel announcement logic. Whenever a channel reaches the confirmed state, it can be announced to the network (if nodes wish to announce it). We thus don't need the "deeply buried" state and the "temporary" scid anymore. The logic is much simpler to follow: when the channel confirms, we internally update the real scid to match the confirmed funding tx and send our `announcement_signatures`. When we receive our peer's `announcement_signatures`, we stash them if the funding tx doesn't have enough confirmations yet, otherwise we announce the channel and create a new `channel_update` that uses the real scid. Whenever we create a `channel_update`, we simply look at whether the channel is announced or not to choose which scid to use. This will make it much simpler to announce splice transactions, which don't need a "deeply buried" state either and will instead simply rely on whether the splice transaction is confirmed or not to generate `announcement_signatures`.
t-bast
force-pushed
the
refactor-funding-deeply-buried
branch
from
04aa5cf to
5ba0f56
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Now that we wait for at least 6 confirmations before considering a channel confirmed, we can simplify our channel announcement logic. Whenever a channel reaches the confirmed state, it can be announced to the network (if nodes wish to announce it). We thus don't need the "deeply buried" state and the "temporary" scid anymore.
The logic is much simpler to follow: when the channel confirms, we internally update the real scid to match the confirmed funding tx and send our
announcement_signatures. When we receive our peer'sannouncement_signatures, we stash them if the funding tx doesn't have enough confirmations yet, otherwise we announce the channel and create a newchannel_updatethat uses the real scid.Whenever we create a
channel_update, we simply look at whether the channel is announced or not to choose which scid to use.This will make it much simpler to announce splice transactions, which don't need a "deeply buried" state either and will instead simply rely on whether the splice transaction is confirmed or not to generate
announcement_signatures.NB: builds on top of #2973