Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ensure monitors are not archived if they have a preimage we need #3450

Merged
merged 1 commit into from
Dec 11, 2024
Merged

Ensure monitors are not archived if they have a preimage we need #3450

merged 1 commit into from
Dec 11, 2024

Conversation

TheBlueMatt
Copy link
Collaborator

When a ChannelMonitor sees a payment preimage on chain for an outbound HTLC, it creates a MonitorEvent containing the preimage to pass to the inbound edge. The inclusion of the transaction containing the payment preimage (plus six confirmations) also results in the corresponding Balance being removed from the live balance set, allowing the ChannelMonitor to be pruned (after a further 4032 blocks).

While MonitorEvents should always be processed in a timely manner, if a node is suffering from a bug where they are not, its possible for 4038 blocks to pass with the preimage-containing MonitorEvent still pending. If that happens, its possible the ChannelMonitor is archived even though the preimage in it is needed in another channel (or ChannelMonitor), causing funds loss.

Luckily the fix is simple - check for pending events before allowing a ChannelMonitor to be archived.

Fixes #2153

@TheBlueMatt
Ensure monitors are not archived if they have a preimage we need
8ab7222 
When a `ChannelMonitor` sees a payment preimage on chain for an
outbound HTLC, it creates a `MonitorEvent` containing the preimage
to pass to the inbound edge. The inclusion of the transaction
containing the payment preimage (plus six confirmations) also
results in the corresponding `Balance` being removed from the live
balance set, allowing the `ChannelMonitor` to be pruned (after a
further 4032 blocks).

While `MonitorEvent`s should always be processed in a timely
manner, if a node is suffering from a bug  where they are not, its
possible for 4038 blocks to pass with the preimage-containing
`MonitorEvent` still pending. If that happens, its possible the
`ChannelMonitor` is archived even though the preimage in it is
needed in another channel (or `ChannelMonitor`), causing funds
loss.

Luckily the fix is simple - check for pending events before
allowing a `ChannelMonitor` to be archived.

Fixes lightningdevkit#2153
@TheBlueMatt TheBlueMatt added this to the 0.1 milestone Dec 8, 2024
@codecov Codecov
Copy link

codecov bot commented Dec 8, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 96.66667% with 3 lines in your changes missing coverage. Please review.

Project coverage is 89.68%. Comparing base (020be44) to head (8ab7222).
Report is 8 commits behind head on main.

Files with missing lines Patch % Lines
lightning/src/chain/channelmonitor.rs 60.00% 2 Missing ⚠️
lightning/src/ln/monitor_tests.rs 98.82% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3450      +/-   ##
==========================================
- Coverage   89.69%   89.68%   -0.02%     
==========================================
  Files         130      130              
  Lines      107403   107465      +62     
  Branches   107403   107465      +62     
==========================================
+ Hits        96340    96382      +42     
- Misses       8670     8683      +13     
- Partials     2393     2400       +7

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

tnull
tnull approved these changes Dec 9, 2024
View reviewed changes
Copy link
Contributor

@tnull tnull left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

arik-so
arik-so approved these changes Dec 10, 2024
View reviewed changes
Copy link
Contributor

@arik-so arik-so left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, too.

1.63.0 test failure appears unrelated; I restarted it.

@TheBlueMatt TheBlueMatt merged commit a688f1c into lightningdevkit:main Dec 11, 2024
19 checks passed
@TheBlueMatt TheBlueMatt mentioned this pull request Dec 12, 2024
Open
18 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tnull tnull tnull approved these changes

@arik-so arik-so arik-so approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.1
Development

Successfully merging this pull request may close these issues.

ChannelMonitor balances don't reflect preimages for other channels
3 participants
@TheBlueMatt @tnull @arik-so