ChannelManager::send_probeandScore::probe_{failed,successful}have been added to make probing more explicit, as well as newEvent::Probe{Failed,Successful}events (#1567).ProbabilisticScoringParameters::banned_nodeshas been renamedmanual_node_penaltiesand changed to take msat penalties (#1592).- Per-payment tracking of failed paths was added to enable configuration of
ProbabilisticScoringParameters::considered_impossible_penalty_msat(#1600) ProbabilisticScoringParameters::base_penalty_amount_multiplier_msatwas added to allow a penalty that is only amount-dependent (#1617).ProbabilisticScoringParameters::amount_penalty_multiplier_msatwas renamedliquidity_penalty_amount_multiplier_msat(#1617).- A new
Event::HTLCHandlingFailedhas been added which provides visibility into failures to forward/claim accepted HTLCs (#1403). - Support has been added for DNS hostnames in the
NetAddresstype, see BOLT PR #911 (#1553). GossipSyncnow hasrapid,p2p, andnoneconstructors (#1618).lightning-net-tokiono longer requires types to be inArcs (#1623).- The
htlc_maximum_msatfield is now required inChannelUpdategossip messages. In tests this rejects < 1% of channels (#1519). ReadOnlyNetworkGraph::{channel,node}have been added to query for individual channel/node data, primarily for bindings users (#1543).FeeEstimatorimplementations are now wrapped internally to ensure values below 253 sats/kW are never used (#1552).- Route selection no longer attempts to randomize path selection. This is unlikely to lead to a material change in the paths selected (#1610).
- Fixed a panic when deserializing
ChannelDetailsobjects (#1588). - When routing, channels are no longer fully saturated before MPP splits are
generated, instead a configuration knob was added as
PaymentParameters::max_channel_saturation_power_of_half(#1605). - Fixed a panic which occurred in
ProbabilisticScorerwhen wallclock time goes backwards across a restart (#1603).
- All new fields are ignored by prior versions of LDK. All new fields are not present when reading objects serialized by prior versions of LDK.
- Channel information written in the
NetworkGraphwhich is missinghtlc_maximum_msatmay be dropped on deserialization (#1519). - Similarly, node information written in the
NetworkGraphwhich contains an invalid hostname may be dropped on deserialization (#1519).
In total, this release features 79 files changed, 2935 insertions, 1363 deletions in 52 commits from 9 authors, in alphabetical order:
- Duncan Dean
- Elias Rohrer
- Jeffrey Czyz
- Matt Corallo
- Max Fang
- Viktor Tigerström
- Willem Van Lint
- Wilmer Paulino
- jurvis
ChannelManager::update_channel_confighas been added to allow the fields inChannelConfigto be changed in a given channel after open (#1527).- If we reconnect to a peer which proves we have a stale channel state, rather than force-closing we will instead panic to provide an opportunity to switch to the latest state and continue operating without channel loss (#1564).
- A
NodeAliasstruct has been added which handles string sanitization for node aliases via theDisplaytrait (#1544). ProbabilisticScoringParametersnow has abanned_nodesset which we will never route through during path finding (#1550).ProbabilisticScoringParametersnow offers ananti_probing_penalty_msatoption to prefer channels which afford better privacy when routing (#1555).ProbabilisticScorernow provides access to its estimated liquidity range for a given channel viaestimated_channel_liquidity_range(#1549).ChannelManager::force_close_channelhas been renamedforce_close_broadcasting_latest_txnandforce_close_without_broadcasting_txnhas been added (#1564).- Options which cannot be changed at runtime have been moved from
ChannelConfigtoChannelHandshakeConfig(#1529). find_routetakes&NetworkGraphinstead of `ReadOnlyNetworkGraph (#1583).ChannelDetailsnow contains a copy of the currentChannelConfig(#1527).- The
lightning-invoicecrate now optionally depends onserde, withInvoiceimplementingserde::{Deserialize,Serialize}if enabled (#1548). - Several fields in
UserConfighave been renamed for clarity (#1540).
find_routeno longer selects routes with more thanPaymentParameters::max_mpp_path_countpaths, andChannelManager::send_paymentno longer refuses to send along routes with more than ten paths (#1526).- Fixed two cases where HTLCs pending at the time a counterparty broadcasts a revoked commitment transaction are considered resolved prior to their actual resolution on-chain, possibly passing the update to another channel (#1486).
- HTLCs which are relayed through LDK may now have a total expiry time two weeks in the future, up from one, reducing forwarding failures (#1532).
- All new fields are ignored by prior versions of LDK. All new fields are not present when reading objects serialized by prior versions of LDK.
ChannelConfig's serialization format has changed and is not compatible with any previous version of LDK. Attempts to read values written by a previous version of LDK will fail and attempts to read newly written objects using a previous version of LDK will fail. It is not expected that users are serializingChannelConfigusing the LDK serialization API, however, if a backward compatibility wrapper is required, please open an issue.
0.0.109 fixes a denial-of-service vulnerability which is reachable from untrusted input in some application deployments.
- Third parties which are allowed to open channels with an LDK-based node may
fund a channel with a bogus and maliciously-crafted transaction which, when
spent, can cause a panic in the channel's corresponding
ChannelMonitor. Such a channel is never usable as it cannot be funded with a funding transaction which matches the required output script, allowing theChannelMonitorfor such channels to be safely purged as a workaround on previous versions of LDK. Thanks to Eugene Siegel for reporting this issue.
In total, this release features 32 files changed, 1948 insertions, 532 deletions in 33 commits from 9 authors, in alphabetical order:
- Antoine Riard
- Daniel Granhão
- Elias Rohrer
- Jeffrey Czyz
- Matt Corallo
- Matt Faltyn
- NicolaLS
- Valentine Wallace
- Wilmer Paulino
- Fixed
lightning-background-processorbuild in release mode.
In total, this release features 9 files changed, 120 insertions, 74 deletions in 5 commits from 4 authors, in alphabetical order:
- Elias Rohrer
- Matt Corallo
- Max Fang
- Viktor Tigerström
- Channels larger than 16777215 sats (Wumbo!) are now supported and can be
enabled for inbound channels using
ChannelHandshakeLimits::max_funding_satoshis(#1425). - Support for feature
option_zeroconf, allowing immediate forwarding of payments after channel opening. This is configured for outbound channels usingChannelHandshakeLimits::trust_own_funding_0confwhereasChannelManager::accept_inbound_channel_from_trusted_peer_0confhas to be used for accepting inbound channels (#1401, #1505). ChannelManager::claim_fundsno longer returns aboolto indicate success. Instead, anEvent::PaymentClaimedis generated if the claim was successful. Likewise,ChannelManager::fail_htlc_backwardsno longer has a return value (#1434).lightning-rapid-gossip-syncis a new crate for syncing gossip data from a server, primarily aimed at mobile devices (#1155).RapidGossipSynccan be passed toBackgroundProcessorin order to persist theNetworkGraphand handleNetworkUpdates during event handling (#1433, #1517).NetGraphMsgHandlerhas been renamed toP2PGossipSync, thenetwork_graphmodule has been renamed togossip, andNetworkUpdate::ChannelClosedhas been renamedNetworkUpdate::ChannelFailure(#1159).- Added a
filtered_block_connectedmethod tochain::Listenand a default implementation ofblock_connectedfor those fetching filtered instead of full blocks (#1453). - The
lightning-block-synccrate'sBlockSourcetrait methods now take&selfinstead of&mut self(#1307). inbound_paymentmodule is now public to allow for creating invoices without aChannelManager(#1384).lightning-block-sync'sinitandpollmodules support&dyn BlockSourcewhich can be determined at runtime (#1423).lightning-invoicecrate'sutilsnow accept an expiration time (#1422, #1474).Event::PaymentForwardedincludesprev_channel_idandnext_channel_id(#1419, #1475).chain::Watch::release_pending_monitor_events' return type now associatesMonitorEvents with fundingOutPoints(#1475).lightning-background-processorcrate'sPersistertrait has been moved tolightningcrate'sutil::persistmodule, which now has a generalKVStorePersistertrait. Blanket implementations ofPersisterandchainmonitor::Persistare given for types implementingKVStorePersister.lightning-persister'sFilesystemPersisterimplementsKVStorePersister(#1417).ChannelDetailsandChannelCounterpartyinclude fields for HTLC minimum and maximum values (#1378).- Added a
max_inbound_htlc_value_in_flight_percent_of_channelfield toChannelHandshakeConfig, capping the total value of outstanding inbound HTLCs for a channel (#1444). ProbabilisticScoreris parameterized by aLogger, which it uses to log channel liquidity updates or lack thereof (#1405).ChannelDetailshas anoutbound_htlc_limit_msatfield, which should be used in routing instead ofoutbound_capacity_msat(#1435).ProbabilisticScorer's channel liquidities can be logged viadebug_log_liquidity_stats(#1460).BackgroundProcessornow takes an optionalWriteableScorewhich it will persist using thePersistertrait's newpersist_scorermethod (#1416).- Upgraded to
bitcoincrate version 0.28.1 (#1389). ShutdownScript::new_witness_programnow takes aWitnessVersioninstead of aNonZeroU8(#1389).- Channels will no longer be automatically force closed when the counterparty is disconnected due to incompatibility (#1429).
ChannelManagermethods for funding, accepting, and closing channels now take acounterparty_node_idparameter, which has also been added as a field toEvent::FundingGenerationReady(#1479, #1485).InvoicePayer::newnow takes aRetryenum (replacing theRetryAttemptsstruct), which supports both attempt- and timeout-based retrying (#1418).Score::channel_penalty_msattakes aChannelUsagestruct, which contains the capacity as anEffectiveCapacityenum and any potential in-flight HTLC value, rather than a singleu64. Used byProbabilisticScorerfor more accurate penalties (#1456).build_route_from_hopsis a new function useful for constructing aRoutegiven a specific list of public keys (#1491).FundingLockedmessage has been renamedChannelReady, and related identifiers have been renamed accordingly (#1506).core2::ioorstd::io(depending on feature flagsno-stdorstd) is exported as alightning::iomodule (#1504).- The deprecated
Scorerhas been removed in favor orProbabilisticScorer(#1512).
lightning-persistercrate'sFilesystemPersisteris faster by 15x (#1404).- Log gossip query messages at
GOSSIPinstead ofTRACEto avoid overwhelming default logging (#1421). PeerManagersupports processing messages from different peers in parallel, and this is taken advantage of in gossip processing (#1023).- Greatly reduced per-channel and per-node memory usage due to upgrade of
secp256k1crate to 0.22.1 andbitcoincrate to 0.28.1 - Reduced per-peer memory usage in
PeerManager(#1472).
find_routenow assumes variable-length onions by default for nodes where support for the feature is unknown (#1414).- A
warnmessage is now sent when receiving achannel_reestablishwith an old commitment transaction number rather than immediately force-closing the channel (#1430). - When a
channel_updatemessage is included in an onion error'sfailuremsg, its message type is now encoded. Reading such messages is also supported (#1465).
- Fixed a bug where crashing while persisting a
ChannelMonitorUpdatefor a part of a multi-path payment could cause loss of funds due to a partial payment claim on restart (#1434). BackgroundProcessorhas been fixed to improve serialization reliability on slow systems which can avoid force-closes (#1436).gossip_timestamp_filterfilters are now honored when sending gossip to peers (#1452).- During a reorg, only force-close a channel if its funding transaction is unconfirmed rather than as it loses confirmations (#1461).
- Fixed a rare panic in
lightning-net-tokiowhen fetching a peer's socket address after the connection has been closed caused by a race condition (#1449). find_routewill no longer return routes that would cause onion construction to fail in some cases (#1476).ProbabilisticScoreruses more precision when approximatinglog10(#1406).
- All above new events/fields are ignored by prior clients. All above new events/fields are not present when reading objects serialized by prior versions of the library.
ChannelManagerserialization is no longer compatible with versions prior to 0.0.99 (#1401).- Channels with
option_zeroconffeature enabled (not required for 0-conf channel use) will be unreadable by versions prior to 0.0.107 (#1401, #1505).
In total, this release features 96 files changed, 9304 insertions, 4503 deletions in 153 commits from 18 authors, in alphabetical order:
- Arik Sosman
- Devrandom
- Duncan Dean
- Elias Rohrer
- Jeffrey Czyz
- John Cantrell
- John Corser
- Jurvis Tan
- Justin Moon
- KaFai Choi
- Matt Faltyn
- Matt Corallo
- Valentine Wallace
- Viktor Tigerström
- Vincenzo Palazzo
- atalw
- dependabot[bot]
- shamardy
- Minimum supported rust version (MSRV) is now 1.41.1 (#1310).
- Lightning feature
option_scid_aliasis now supported and may be negotiated when opening a channel with a peer. It can be configured viaChannelHandshakeConfig::negotiate_scid_privacyand is off by default but will be on by default in the future (#1351). OpenChannelRequestnow has achannel_typefield indicating the features the channel will operate with and should be used to filter channels with undesirable features (#1351). See the Serialization Compatibility section.ChannelManagersupports sending and receiving short channel id aliases in thefunding_lockedmessage. These are used when forwarding payments and constructing invoice route hints for improved privacy.ChannelDetailshas ainbound_scid_aliasfield and aget_inbound_payment_scidmethod to support the latter (#1311).DefaultRouterandfind_routetake an additional random seed to improve privacy by adding a random CLTV expiry offset to each path's final hop. This helps obscure the intended recipient from adversarial intermediate hops (#1286). The seed is also used to randomize candidate paths during route selection (#1359).- The
lightning-block-synccrate'sinit::synchronize_listenersmethod interface has been relaxed to support multithreaded environments (#1349). ChannelManager::create_inbound_payment_for_hash's documentation has been corrected to remove the one-year restriction oninvoice_expiry_delta_secs, which is only applicable to the deprecatedcreate_inbound_payment_legacyandcreate_inbound_payment_for_hash_legacymethods (#1341).Featuresmutator methods now takeselfby reference instead of by value (#1331).- The CLTV of the last hop in a path is now included when comparing against
RouteParameters::max_total_cltv_expiry_delta(#1358). - Invoice creation functions in
lightning-invoicecrate'sutilsmodule include versions that accept a description hash instead of only a description (#1361). RoutingMessageHandler::sync_routing_tablehas been renamedpeer_connected(#1368).MessageSendEvent::SendGossipTimestampFilterhas been added to indicate that agossip_timestamp_filtershould be sent (#1368).PeerManagertakes an optionalNetAddressinnew_outbound_connectionandnew_inbound_connection, which is used to report back the remote address to the connecting peer in theinitmessage (#1326).ChannelManager::accept_inbound_channelnow takes auser_channel_id, which is used in a similar manner as in outbound channels. (#1381).BackgroundProcessornow persistsNetworkGraphon a timer and upon shutdown as part of a newPersistertrait, which also includesChannelManagerpersistence (#1376).ProbabilisticScoringParametersnow has abase_penalty_msatoption, which default to 500 msats. It is applied at each hop to help avoid longer paths (#1375).ProbabilisticScoringParameters::liquidity_penalty_multiplier_msat's default value is now 40,000 msats instead of 10,000 msats (#1375).- The
lightningcrate has agrind_signaturesfeature used to produce signatures with low r-values for more predictable transaction weight. This feature is on by default (#1388). ProbabilisticScoringParametersnow has aamount_penalty_multiplier_msatoption, which is used to further penalize large amounts (#1399).PhantomRouteHints,FixedPenaltyScorer, andScoringParametersnow implementClone(#1346).
- Fixed a compilation error in
ProbabilisticScorerunder--feature=no-std(#1347). - Invoice creation functions in
lightning-invoicecrate'sutilsmodule filter invoice hints in order to limit the invoice size (#1325). - Fixed a bug where a
funding_lockedmessage was delayed by a block if the funding transaction was confirmed while offline, depending on the ordering ofConfirm::transactions_confirmedcalls when brought back online (#1363). - Fixed a bug in
NetGraphMsgHandlerwhere it didn't continue to receive gossip messages from peers after initial connection (#1368, #1382). ChannelManager::timer_tick_occurredwill now timeout a received multi-path payment (MPP) after three ticks if not received in full instead of waiting until near the HTLC timeout block(#1353).- Fixed an issue with
find_routecausing it to be overly aggressive in using MPP over channels to the same first hop (#1370). - Reduced time spent processing
channel_updatemessages by checking signatures after checking if no newer messages have already been processed (#1380). - Fixed a few issues in
find_routewhich caused preferring paths with a higher cost (#1398). - Fixed an issue in
ProbabilisticScorerwhere a channel with not enough liquidity could still be used when retrying a failed payment if it was on a path with an overall lower cost (#1399).
- Channels open with
option_scid_aliasnegotiated will be incompatible with prior releases (#1351). This may occur in the following cases:- Outbound channels when
ChannelHandshakeConfig::negotiate_scid_privacyis enabled. - Inbound channels when automatically accepted from an
OpenChannelmessage with achannel_typethat hasChannelTypeFeatures::supports_scid_privacyreturn true. SeeUserConfig::accept_inbound_channels. - Inbound channels when manually accepted from an
OpenChannelRequestwith achannel_typethat hasChannelTypeFeatures::supports_scid_privacyreturn true. SeeUserConfig::manually_accept_inbound_channels.
- Outbound channels when
In total, this release features 43 files changed, 4052 insertions, 1274 deletions in 75 commits from 11 authors, in alphabetical order:
- Devrandom
- Duncan Dean
- Elias Rohrer
- Jeffrey Czyz
- Jurvis Tan
- Luiz Parreira
- Matt Corallo
- Omar Shamardy
- Viktor Tigerström
- dependabot[bot]
- psycho-pirate
Phantom nodepayments are now supported, allowing receipt of a payment on any one of multiple nodes without any coordination across the nodes being required. See the newPhantomKeysManager's docs for more, as well as requirements onKeysInterface::get_inbound_payment_key_materialandlightning_invoice::utils::create_phantom_invoice(#1199).- In order to support phantom node payments, several
KeysInterfacemethods now accept aRecipientparameter to select between the localnode_idand a phantom-specific one. ProbabilisticScorer, aScorebased on learning the current balances of channels in the network, was added. It attempts to better capture payment success probability than the existingScorer, though may underperform on nodes with low payment volume. We welcome feedback on performance (#1227).Score::channel_penalty_msatnow always takes the channel value, instead of anOption(#1227).UserConfig::manually_accept_inbound_channelswas added which, when set, generates a newEvent::OpenChannelRequest, which allows manual acceptance or rejection of incoming channels on a per-channel basis (#1281).Payeehas been renamed toPaymentParameters(#1271).PaymentParametersnow has amax_total_cltv_expiry_deltafield. This defaults to 1008 and limits the maximum amount of time an HTLC can be pending before it will either fail or be claimed (#1234).- The
lightning-invoicecrate now supports no-std environments. This required numerous API changes around timestamp handling and std+no-std versions of several methods that previously assumed knowledge of the time (#1223, #1230). lightning-invoicenow supports parsing invoices with expiry times of more than one year. This required changing the semantics ofExpiryTime(#1273).- The
CounterpartyCommitmentSecretsis now public, allowing external uses of theBOLT 3secret storage scheme (#1299). - Several
Signmethods now receive HTLC preimages as proof of state transition, see new documentation for more (#1251). KeysInterface::sign_invoicenow provides the HRP and other invoice data separately to make it simpler for external signers to parse (#1272).Sign::sign_channel_announcementnow returns both the node's signature and the per-channel signature.InMemorySignernow requires the node's secret key in order to implement this (#1179).ChannelManagerdeserialization will now fail if theKeysInterfaceused has a differentnode_idthan theChannelManagerexpects (#1250).- A new
ErrorActionvariant was added to sendwarningmessages (#1013). - Several references to
chain::Listenobjects inlightning-block-syncno longer require a mutable reference (#1304).
- Fixed a regression introduced in 0.0.104 where
ChannelManager's internal locks could have an order violation leading to a deadlock (#1238). - Fixed cases where slow code (including user I/O) could cause us to
disconnect peers with ping timeouts in
BackgroundProcessor(#1269). - Now persist the
ChannelManagerprior toBackgroundProcessorstopping, preventing race conditions where channels are closed on startup even with a clean shutdown. This requires that users stop network processing and disconnect peers prior toBackgroundProcessorshutdown (#1253). - Fields in
ChannelHandshakeLimitsprovided via theoverride_configtocreate_channelare now applied instead of the default config (#1292). - Fixed the generation of documentation on docs.rs to include API surfaces which are hidden behind feature flags (#1303).
- Added the
channel_typefield toaccept_channelmessages we send, which may avoid some future compatibility issues with other nodes (#1314). - Fixed a bug where, if a previous LDK run using
lightning-persistercrashed while persisting updated data, we may have failed to initialize (#1332). - Fixed a rare bug where having both pending inbound and outbound HTLCs on a
just-opened inbound channel could cause
ChannelDetails::balance_msatto underflow and be reported as large, or cause panics in debug mode (#1268). - Moved more instances of verbose gossip logging from the
Tracelevel to theGossiplevel (#1220). - Delayed
announcement_signaturesuntil the channel has six confirmations, slightly improving propagation of channel announcements (#1179). - Several fixes in script and transaction weight calculations when anchor outputs are enabled (#1229).
- Using
ChannelManagerdata written by versions prior to 0.0.105 will result in preimages for HTLCs that were pending at startup to be missing in calls toKeysInterfacemethods (#1251). - Any phantom invoice payments received on a node that is not upgraded to 0.0.105 will fail with an "unknown channel" error. Further, downgrading to 0.0.104 or before and then upgrading again will invalidate existing phantom SCIDs which may be included in invoices (#1199).
0.0.105 fixes two denial-of-service vulnerabilities which may be reachable from untrusted input in certain application designs.
- Route calculation spuriously panics when a routing decision is made for a path where the second-to-last hop is a private channel, included due to a multi-hop route hint in an invoice.
ChannelMonitor::get_claimable_balancesspuriously panics in some scenarios when the LDK application's local commitment transaction is confirmed while HTLCs are still pending resolution.
In total, this release features 109 files changed, 7270 insertions, 2131 deletions in 108 commits from 15 authors, in alphabetical order:
- Conor Okus
- Devrandom
- Elias Rohrer
- Jeffrey Czyz
- Jurvis Tan
- Ken Sedgwick
- Matt Corallo
- Naveen
- Tibo-lg
- Valentine Wallace
- Viktor Tigerström
- dependabot[bot]
- hackerrdave
- naveen
- vss96
- A
PaymentFailedevent is now provided to indicate a payment has failed fully. This event is generated either afterChannelManager::abandon_paymentis called for a given payment, or the payment times out, and there are no further pending HTLCs for the payment. This event should be used to detect payment failure instead ofPaymentPathFailed::all_paths_failed, unless no payment retries occur viaChannelManager::retry_payment(#1202). - Payment secrets are now generated deterministically using material from
the new
KeysInterface::get_inbound_payment_key_material(#1177). - A
PaymentPathSuccessfulevent has been added to ease passing success info to a scorer, along with aScore::payment_path_successfulmethod to accept such info (#1178, #1197). Score::channel_penalty_msathas additional arguments describing the channel's capacity and the HTLC amount being sent over the channel (#1166).- A new log level
Gossiphas been added, which is used for verbose information generated during network graph sync. Enabling themax_level_tracefeature or ignoringGossiplog entries reduces log growth during initial start up from many GiB to several MiB (#1145). - The
allow_wallclock_usefeature has been removed in favor of only using thestdandno-stdfeatures (#1212). NetworkGraphcan now remove channels that we haven't heard updates for in two weeks withNetworkGraph::remove_stale_channels{,with_time}. The first is called automatically if aNetGraphMsgHandleris passed toBackgroundProcessor::start(#1212).InvoicePayer::pay_pubkeywas added to enable sending "keysend" payments to supported recipients, using theInvoicePayerto handle retires (#1160).user_payment_idhas been removed fromPaymentPurpose, andChannelManager::create_inbound_payment{,_for_hash}(#1180).- Updated documentation for several
ChannelManagerfunctions to remove stale references to panics which no longer occur (#1201). - The
ScoreandLockableScoreobjects have moved into therouting::scoringmodule instead of being in theroutingmodule (#1166). - The
Timeparameter toScorerWithTimeis no longer longer exposed, instead being fixed based on thestd/no-stdfeature (#1184). ChannelDetails::balance_msatwas added to fetch a channel's balance without subtracting the reserve values, lining up with on-chain claim amounts less on-chain fees (#1203).- An explicit
UserConfig::accept_inbound_channelsflag is now provided, removing the need to setmin_funding_satoshisto > 21 million BTC (#1173). - Inbound channels that fail to see the funding transaction confirm within
2016 blocks are automatically force-closed with
ClosureReason::FundingTimedOut(#1083). - We now accept a channel_reserve value of 0 from counterparties, as it is insecure for our counterparty but not us (#1163).
NetAddress::OnionV2parsing was removed as version 2 onion services are no longer supported in modern Tor (#1204).- Generation and signing of anchor outputs is now supported in the
KeysInterface, though no support for them exists in the channel itself (#1176)
- Fixed a race condition in
InvoicePayerwhere paths may be retried after the retry count has been exceeded. In this case theEvent::PaymentPathFailed::all_paths_failedfield is not a reliable payment failure indicator. There was no acceptable alternative indicator,Event::PaymentFailedas been added to provide one (#1202). - Reduced the blocks-before-timeout we expect of outgoing HTLCs before refusing to forward. This check was overly strict and resulted in refusing to forward som HTLCs to a next hop that had a lower security threshold than us (#1119).
- LDK no longer attempt to update the channel fee for outbound channels when we cannot afford the new fee. This could have caused force-closure by our channel counterparty (#1054).
- Fixed several bugs which may have prevented the reliable broadcast of our own channel announcements and updates (#1169).
- Fixed a rare bug which may have resulted in spurious route finding failures when using last-hop hints and MPP with large value payments (#1168).
KeysManager::spend_spendable_outputsno longer adds a change output that is below the dust threshold for non-standard change scripts (#1131).- Fixed a minor memory leak when attempting to send a payment that fails due
to an error when updating the
ChannelMonitor(#1143). - Fixed a bug where a
FeeEstimatorthat returns values rounded to the next sat/vbyte may result in force-closures (#1208). - Handle MPP timeout HTLC error codes, instead of considering the recipient to have sent an invalid error, removing them from the network graph (#1148)
- All above new events/fields are ignored by prior clients. All above new events/fields are not present when reading objects serialized by prior versions of the library.
- Payment secrets are now generated deterministically. This reduces the memory
footprint for inbound payments, however, newly-generated inbound payments
using
ChannelManager::create_inbound_payment{,_for_hash}will not be receivable using versions prior to 0.0.104.ChannelManager::create_inbound_payment{,_for_hash}_legacyare provided for backwards compatibility (#1177). PaymentPurpose::InvoicePayment::user_payment_idwill be 0 when reading objects written with 0.0.104 when read by 0.0.103 and previous (#1180).
In total, this release features 51 files changed, 5356 insertions, 2238 deletions in 107 commits from 9 authors, in alphabetical order:
- Antoine Riard
- Conor Okus
- Devrandom
- Duncan Dean
- Elias Rohrer
- Jeffrey Czyz
- Ken Sedgwick
- Matt Corallo
- Valentine Wallace
- This release is almost entirely focused on a new API in the
lightning-invoicecrate - theInvoicePayer.InvoicePayeris a struct which takes a reference to aChannelManagerand aRouterand retries payments as paths fail. It limits retries to a configurable number, but is not serialized to disk and may retry additional times across a serialization/load. In order to learn about failed payments, it must receiveEvents directly from theChannelManager, wrapping a user-providedEventHandlerwhich it provides all unhandled events to (#1059). get_routehas been renamedfind_route(#1059) and now takes aRouteParametersstruct in replacement of a number of its long list of arguments (#1134). ThePayeein theRouteParametersis stored in theRouteobject returned and provided in theRouteParameterscontained inEvent::PaymentPathFailed(#1059).ChannelMonitors must now be persisted after calls that provide new block data, prior toMonitorEvents being passed back toChannelManagerfor processing. If you are using aChainMonitorthis is handled for you. ThePersistAPI has been updated toOptionally take theChannelMonitorUpdateas persistence events that result from chain data no longer have a corresponding update (#1108).routing::Scorenow has apayment_path_failedmethod which it can use to learn which channels often fail payments. It is automatically called byInvoicePayerfor failed payment paths (#1144).- The default
Scorerimplementation is now a type alias to a type generic across different clocks and supports serialization to persist scoring data across restarts (#1146). Event::PaymentSentnow includes the full fee which was spent across all payment paths which were fulfilled or pending when the payment was fulfilled (#1142).Event::PaymentSentandEvent::PaymentPathFailednow include thePaymentIdwhich matches thePaymentIdreturned fromChannelManager::send_paymentorInvoicePayer::pay_invoice(#1059).NetGraphMsgHandlernow takes aDerefto theNetworkGraph, allowing for shared references to the graph data to make serialization and references to the graph data in theInvoicePayer'sRoutersimpler (#1149).routing::Score::channel_penalty_msathas been updated to provide theNodeIdof both the source and destination nodes of a channel (#1133).
- Previous versions would often disconnect peers during initial graph sync due to ping timeouts while processing large numbers of gossip messages. We now delay disconnecting peers if we receive messages from them even if it takes a while to receive a pong from them. Further, we avoid sending too many gossip messages between pings to ensure we should always receive pongs in a timely manner (#1137).
- If a payment was sent, creating an outbound HTLC and sending it to our
counterparty (implying the
ChannelMonitorwas persisted on disk), but theChannelManagerwas not persisted prior to shutdown/crash, noEvent::PaymentPathFailedevent was generated if the HTLC was eventually failed on chain. Events are now consistent irrespective ofChannelManagerpersistence or non-persistence (#1104).
- All above new Events/fields are ignored by prior clients. All above new Events/fields are not present when reading objects serialized by prior versions of the library.
- Payments for which a
Routewas generated using a previous version or for which the payment was originally sent by a previous version of the library will not be retried by anInvoicePayer.
This release was singularly focused and some contributions by third parties were delayed. In total, this release features 38 files changed, 4414 insertions, and 969 deletions in 71 commits from 2 authors, in alphabetical order:
- Jeffrey Czyz
- Matt Corallo
get_routenow takes aScoreas an argument.Scoreis queried during the route-finding process, returning the absolute amounts which you are willing to pay to avoid routing over a given channel. As a default, aScoreris provided which returns a constant amount, with a suggested default of 500 msat. This translates to a willingness to pay up to 500 msat in additional fees per hop in order to avoid additional hops (#1124).Event::PaymentPathFailednow contains ashort_channel_idfield which may be filled in with a channel that can be "blamed" for the payment failure. Payment retries should likely avoid the given channel for some time (#1077).PublicKeys inNetworkGraphhave been replaced with aNodeIdstruct which contains only a simple[u8; 33], substantially improvingNetworkGraphdeserialization performance (#1107).ChainMonitor'sHashMapofChannelMonitors is now private, exposed viaChainmonitor::get_monitorandChainMonitor::list_monitorsinstead (#1112).- When an outbound channel is closed prior to the broadcasting of its funding
transaction, but after you call
ChannelManager::funding_transaction_generated, a new event type,Event::DiscardFunding, is generated, informing you the transaction was not broadcasted and that you can spend the same inputs again elsewhere (#1098). ChannelManager::create_channelnow returns the temporary channel ID which may later appear inEvent::ChannelClosedorChannelDetailsprior to the channel being funded (#1121).Event::PaymentSentnow contains the payment hash as well as the payment preimage (#1062).ReadOnlyNetworkGraph::get_addressesnow returns ownedNetAddressrather than references. As a side-effect this method is now exposed in foreign language bindings (#1115).- The
PersistandChannelMonitorUpdateErrtypes have moved to thelightning::chain::chainmonitorandlightning::chainmodules, respectively (#1112). ChannelManager::send_paymentnow returns aPaymentIdwhich identifies a payment (whether MPP or not) and can be used to retry the full payment or MPP parts throughretry_payment(#1096). Note that doing so is currently not crash safe, and you may find yourself sending twice. It is recommended that you not use theretry_paymentAPI until the next release.
- Due to an earlier fix for the Lightning dust inflation vulnerability tracked in CVE-2021-41591/CVE-2021-41592/CVE-2021-41593 in 0.0.100, we required counterparties to accept a dust limit slightly lower than the dust limit now required by other implementations. This appeared as, at least, latest lnd always refusing to accept channels opened by LDK clients (#1065).
- If there are multiple channels available to the same counterparty,
get_routewould only consider the channel listed last as available for sending (#1100). Persistimplementations returningChannelMonitorUpdateErr::TemporaryFailurefromwatch_channelpreviously resulted in theChannelMonitornot being stored at all, resulting in a panic after monitor updating is complete (#1112).- If payments are pending awaiting forwarding at startup, an
Event::PendingHTLCsForwardableevent will always be provided. This ensures user code callsChannelManager::process_pending_htlc_fowardseven if it shut down while awaiting the batching timer during the previous run (#1076). - If a call to
ChannelManager::send_paymentfailed due to lack of availability of funds locally, LDK would store the payment as pending forever, with no ability to retry or fail it, leaking memory (#1109).
- All above new Events/fields are ignored by prior clients. All above new
Events/fields, except for
Event::PaymentSent::payment_hashare not present when reading objects serialized by prior versions of the library.
In total, this release features 32 files changed, 2248 insertions, and 1483 deletions in 51 commits from 7 authors, in alphabetical order:
- 1nF0rmed
- Duncan Dean
- Elias Rohrer
- Galder Zamarreño
- Jeffrey Czyz
- Matt Corallo
- Valentine Wallace
- Custom message types are now supported directly in the
PeerManager, allowing you to send and receive messages of any type that is not natively understood by LDK. This requires a new type bound onPeerManager, aCustomMessageHandler.IgnoringMessageHandlerprovides a simple default for this new bound for ignoring unknown messages (#1031, #1074). - Route graph updates as a result of failed payments are no longer provided as
MessageSendEvent::PaymentFailureNetworkUpdatebut instead included in a new field in theEvent::PaymentFailedevents. Generally, this means route graph updates are no longer handled as a part of thePeerManagerbut instead through the newEventHandlerimplementation forNetGraphMsgHandler. To make this easy, a new parameter tolightning-background-processor::BackgroundProcessor::startis added, which contains anOptionalNetGraphmsgHandler. If provided asSome, relevant events will be processed by theNetGraphMsgHandlerprior to normal event handling (#1043). NetworkGraphis now, itself, thread-safe. Accordingly, most functions now take&selfinstead of&mut selfand the graph data can be accessed throughNetworkGraph.read_only(#1043).- The balances available on-chain to claim after a channel has been closed are
now exposed via
ChannelMonitor::get_claimable_balancesandChainMonitor::get_claimable_balances. The second can be used to get information about all closed channels which still have on-chain balances associated with them. See enum variants ofln::channelmonitor::Balanceand method documentation for the above methods for more information on the types of balances exposed (#1034). - When one HTLC of a multi-path payment fails, the new field
all_paths_failedinEvent::PaymentFailedis set tofalse. This implies that the payment has not failed, but only one part. Payment resolution is only indicated by anEvent::PaymentSentevent or anEvent::PaymentFailedwithall_paths_failedset totrue, which is also set for the last remaining part of a multi-path payment (#1053). - To better capture the context described above,
Event::PaymentFailedhas been renamed toEvent::PaymentPathFailed(#1084). - A new event,
ChannelClosed, is provided byChannelManagerwhen a channel is closed, including a reason and error message (if relevant, #997). lightning-invoicenow considers invoices with sub-millisatoshi precision to be invalid, and requires millisatoshi values during construction (thus you must callamount_milli_satoshisinstead ofamount_pico_btc, #1057).- The
BaseSigninterface now includes two new hooks which provide additional information about commitment transaction signatures and revocation secrets provided by our counterparty, allowing additional verification (#1039). - The
BaseSigninterface now includes additional information for cooperative close transactions, making it easier for a signer to verify requests (#1064). Routehas two additional helper methods to get fees and amounts (#1063).TxidandTransactionobjects can now be deserialized from responses when using the HTTP client in thelightning-block-synccrate (#1037, #1061).
- Fix a panic when reading a lightning invoice with a non-recoverable signature. Further, restrict lightning invoice parsing to require payment secrets and better handle a few edge cases as required by BOLT 11 (#1057).
- Fix a panic when receiving multiple messages (such as HTLC fulfill messages)
after a call to
chain::Watch::update_channelreturnedErr(ChannelMonitorUpdateErr::TemporaryFailure)with noChannelManager::channel_monitor_updatedcall in between (#1066). - For multi-path payments,
Event::PaymentSentis no longer generated multiple times, once for each independent part (#1053). - Multi-hop route hints in invoices are now considered in the default router
provided via
get_route(#1040). - The time peers have to respond to pings has been increased when building with debug assertions enabled. This avoids peer disconnections on slow hosts when running in debug mode (#1051).
- The timeout for the first byte of a response for requests from the
lightning-block-synccrate has been increased to 300 seconds to better handle the long hangs in Bitcoin Core when it syncs to disk (#1090).
- Due to a bug in 0.0.100,
Events written by 0.0.101 which are of a type not understood by 0.0.100 may lead toErr(DecodeError::InvalidValue)or corrupt deserialized objects in 0.100. SuchEvents will lead to anErr(DecodeError::InvalidValue)in versions prior to 0.0.100. The only such new event written by 0.0.101 isEvent::ChannelClosed(#1087). - Payments that were initiated in versions prior to 0.0.101 may still
generate duplicate
PaymentSentEvents or may have spurious values forEvent::PaymentPathFailed::all_paths_failed(#1053). - The return values of
ChannelMonitor::get_claimable_balances(and, thus,ChainMonitor::get_claimable_balances) may be spurious for channels where the spend of the funding transaction appeared on chain while running a version prior to 0.0.101.Balanceinformation should only be relied upon for channels that were closed while running 0.0.101+ (#1034). - Payments failed while running versions prior to 0.0.101 will never have a
Somefor thenetwork_updatefield (#1043).
In total, this release features 67 files changed, 4980 insertions, 1888 deletions in 89 commits from 12 authors, in alphabetical order:
- Antoine Riard
- Devrandom
- Galder Zamarreño
- Giles Cope
- Jeffrey Czyz
- Joseph Goulden
- Matt Corallo
- Sergi Delgado Segura
- Tibo-lg
- Valentine Wallace
- abhik-99
- vss96
- The
lightningcrate can now be built in no_std mode, making it easy to target embedded hardware for rust users. Note that mutexes are replaced with no-ops for such builds (#1008, #1028). - LDK now supports sending and receiving "keysend" payments. This includes
modifications to
lightning::util::events::Event::PaymentReceivedto indicate the type of payment (#967). - A new variant,
lightning::util::events::Event::PaymentForwardedhas been added which indicates a forwarded payment has been successfully claimed and we've received a forwarding fee (#1004). lightning::chain::keysinterface::KeysInterface::get_shutdown_pubkeyhas been renamed toget_shutdown_scriptpubkey, returns a script, and is now called on channel open only iflightning::util::config::ChannelConfig::commit_upfront_shutdown_pubkeyis set (#1019).- Closing-signed negotiation is now more configurable, with an explicit
lightning::util::config::ChannelConfig::force_close_avoidance_max_fee_satoshisfield allowing you to select the maximum amount you are willing to pay to avoid a force-closure. Further, we are now less restrictive on the fee placed on the closing transaction when we are not the party paying it. To control the feerate paid on a channel at close-time, useChannelManager::close_channel_with_target_feerateinstead ofclose_channel(#1011). lightning_background_processor::BackgroundProcessornow stops the background thread when dropped (#1007). It is marked#[must_use]so that Rust users will receive a compile-time warning when it is immediately dropped after construction (#1029).- Total potential funds burn on force-close due to dust outputs is now limited
to
lightning::util::config::ChannelConfig::max_dust_htlc_exposure_msatper channel (#1009). - The interval on which
lightning::ln::peer_handler::PeerManager::timer_tick_occurredshould be called has been reduced to once every five seconds (#1035) andlightning::ln::channelmanager::ChannelManager::timer_tick_occurredshould now be called on startup in addition to once per minute (#985). - The rust-bitcoin and bech32 dependencies have been updated to their respective latest versions (0.27 and 0.8, #1012).
- Fix panic when reading invoices generated by some versions of c-lightning (#1002 and #1003).
- Fix panic when attempting to validate a signed message of incorrect length (#1010).
- Do not ignore the route hints in invoices when the invoice is over 250k sats (#986).
- Fees are automatically updated on outbound channels to ensure commitment transactions are always broadcastable (#985).
- Fixes a rare case where a
lightning::util::events::Event::SpendableOutputsevent is not generated after a counterparty commitment transaction is confirmed in a reorg when a conflicting local commitment transaction is removed in the same reorg (#1022). - Fixes a remotely-triggerable force-closure of an origin channel after an HTLC was forwarded over a next-hop channel and the next-hop channel was force-closed by our counterparty (#1025).
- Fixes a rare force-closure case when sending a payment as a channel fundee when overdrawing our remaining balance. Instead the send will fail (#998).
- Fixes a rare force-closure case when a payment was claimed prior to a peer disconnection or restart, and later failed (#977).
- Pending inbound keysend payments which have neither been failed nor claimed
when serialized will result in a
ChannelManagerwhich is not readable on pre-0.0.100 clients (#967). - Because
lightning::chain::keysinterface::KeysInterface::get_shutdown_scriptpubkeyhas been updated to return a script instead of only aPublicKey,ChannelManagers constructed with customKeysInterfaceimplementations on 0.0.100 and later versions will not be readable on previous versions.ChannelManagers created with 0.0.99 and prior versions will remain readable even after the a serialization roundtrip on 0.0.100, as long as no new channels are opened. Further, users using alightning::chain::keysinterface::KeysManageras theirKeysInterfacewill haveChannelManagers which are readable on prior versions as well (#1019). ChannelMonitorUpdates created by 0.0.100 and later for channels whenlightning::util::config::ChannelConfig::commit_upfront_shutdown_pubkeyis not set may not be readable by versions prior to 0.0.100 (#1019).- HTLCs which were in the process of being claimed on-chain when a pre-0.0.100
ChannelMonitorwas serialized may generatePaymentForwardedevents with spuriousfee_earned_msatvalues. This only applies to payments which were unresolved at the time of the upgrade (#1004). - 0.0.100 clients with pending
Event::PaymentForwardedevents at serialization-time will generate serializedChannelManagerobjects which 0.0.99 and earlier clients cannot read. The likelihood of this can be reduced by ensuring you process all pending events immediately before serialization (as is done by thelightning-background-processorcrate, #1004).
In total, this release features 59 files changed, 5861 insertions, and 2082 deletions in 95 commits from 6 authors.
lightning_block_sync::poll::Validateis now public, allowing you to implement thelightning_block_sync::poll::Polltrait withoutlightning_block_sync::poll::ChainPoller(#956).lightning::ln::peer_handler::PeerManagerno longer requires that no calls are made to referencing the sameSocketDescriptorafterdisconnect_socketreturns. This makes the API significantly less deadlock-prone and simplifiesSocketDescriptorimplementations significantly. The relevant changes have been made tolightning_net_tokioandPeerManagerdocumentation has been substantially rewritten (#957).lightning::util::message_signing'ssignandverifymethods now take secret and public keys by reference instead of value (#974).- Substantially more information is now exposed about channels in
ChannelDetails. See documentation for more info (#984 and #988). - The latest best block seen is now exposed in
ChannelManager::current_best_blockandChannelMonitor::current_best_block(#984). - Feerates charged when forwarding payments over channels is now set in
ChannelConfig::fee_base_msatwhen the channel is opened. For existing channels, the value is set to the value provided inChannelManagerReadArgs::default_config::channel_optionsthe first time theChannelManageris loaded in 0.0.99 (#975). - We now reject HTLCs which are received to be forwarded over private channels
unless
UserConfig::accept_forwards_to_priv_channelsis set. Note thatUserConfigis never serialized and must be provided viaChannelManagerReadArgs::default_configat each start (#975).
- We now forward gossip messages to peers instead of only relaying locally-generated gossip or sending gossip messages during initial sync (#948).
- Correctly send
channel_updatemessages to direct peers on private channels (#949). Without this, a private node connected to an LDK node over a private channel cannot receive funds as it does not know which fees the LDK node will charge. lightning::ln::channelmanager::ChannelManagerno longer expects to be persisted spuriously after we receive achannel_updatemessage about any channel in the routing gossip (#972).- Asynchronous
ChannelMonitorupdates (using theChannelMonitorUpdateErr::TemporaryFailurereturn variant) no longer cause spurious HTLC forwarding failures (#954). - Transaction provided via
ChannelMonitor::transactions_confirmedafterChannelMonitor::best_block_updatedwas called for a much later block now trigger all relevant actions as of the later block. Previously some transaction broadcasts or other responses required an additional block be provided viaChannelMonitor::best_block_updated(#970). - We no longer panic in rare cases when an invoice contained last-hop route hints which were unusable (#958).
- We now accept spurious
funding_lockedmessages sent prior tochannel_reestablishmessages after reconnect. This is a known, long-standing bug in lnd (#966). - We now set the
first_blocknumandnumber_of_blocksfields inreply_channel_rangemessages to values which c-lightning versions prior to 0.10 accepted. This avoids spurious force-closes from such nodes (#961).
- Due to a bug discovered in 0.0.98, if a
ChannelManageris serialized on version 0.0.98 while anEvent::PaymentSentis pending processing, theChannelManagerwill fail to deserialize both on version 0.0.98 and later versions. If you have such aChannelManageravailable, a simple patch will allow it to deserialize. Please file an issue if you need assistance (#973).
0.0.98 should be considered a release candidate to the first alpha release of Rust-Lightning and the broader LDK. It represents several years of work designing and fine-tuning a flexible API for integrating lightning into any application. LDK should make it easy to build a lightning node or client which meets specific requirements that other lightning node software cannot. As lightning continues to evolve, and new use-cases for lightning develop, the API of LDK will continue to change and expand. However, starting with version 0.1, objects serialized with prior versions will be readable with the latest LDK. While Rust-Lightning is approaching the 0.1 milestone, language bindings components of LDK available at https://github.com/lightningdevkit are still of varying quality. Some are also approaching an 0.1 release, while others are still much more experimental. Please note that, at 0.0.98, using Rust-Lightning on mainnet is strongly discouraged.