
Reduce the risk of change chaining transactions #2380

Merged
merged 5 commits into from Feb 22, 2019
@@ -28,6 +28,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- JSON API: New command `paystatus` gives detailed information on `pay` commands.
- JSON API: `getroute` `riskfactor` argument is simplified; `pay` now defaults to setting it to 10.
- pylightning: New class 'Millisatoshi' can be used for JSON API, and new '_msat' fields are turned into this on reading.
- JSON API: `fundchannel` and `withdraw` now have a new parameter `minconf` that limits coinselection to outputs that have at least `minconf` confirmations (default 1). (#2380)
### Changed
@@ -57,7 +57,8 @@ static struct command_result *check_amount(const struct wallet_tx *wtx,

struct command_result *wtx_select_utxos(struct wallet_tx *tx,
u32 fee_rate_per_kw,
size_t out_len)
size_t out_len,
u32 maxheight)
{
struct command_result *res;
struct amount_sat fee_estimate;
@@ -66,6 +67,7 @@ struct command_result *wtx_select_utxos(struct wallet_tx *tx,
struct amount_sat amount;
tx->utxos = wallet_select_all(tx->cmd, tx->cmd->ld->wallet,
fee_rate_per_kw, out_len,
maxheight,
&amount,
&fee_estimate);
res = check_amount(tx, amount);
@@ -88,6 +90,7 @@ struct command_result *wtx_select_utxos(struct wallet_tx *tx,
tx->utxos = wallet_select_coins(tx->cmd, tx->cmd->ld->wallet,
tx->amount,
fee_rate_per_kw, out_len,
maxheight,
&fee_estimate, &tx->change);
res = check_amount(tx, tx->amount);
if (res)
@@ -29,5 +29,15 @@ struct command_result *param_wtx(struct command *cmd,

struct command_result *wtx_select_utxos(struct wallet_tx *tx,
u32 fee_rate_per_kw,
size_t out_len);
size_t out_len,
u32 maxheight);

static inline u32 minconf_to_maxheight(u32 minconf, struct lightningd *ld)
{
/* No confirmations is special, we need to disable the check in the
* selection */
if (minconf == 0)
return 0;
return ld->topology->tip->height - minconf + 1;
}
#endif /* LIGHTNING_COMMON_WALLET_TX_H */
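Review bot: `ld->topology->tip->height - minconf + 1` in minconf_to_maxheight is unsigned arithmetic, so a `minconf` larger than the tip height does not fail but wraps: with tip height H, `minconf == H + 1` yields exactly 0, which this helper itself defines as "disable the check", and any larger value wraps to a huge maxheight that accepts every confirmed output. Either way a request asking for more confirmations than the chain has ends up with fewer checks than the default of 1, the opposite of what was requested. Neither json_fund_channel nor json_withdraw bounds `*minconf` after `param_number`, so the validation belongs there (fail the command when `*minconf > cmd->ld->topology->tip->height` before calling the helper), and the helper should state the precondition, e.g. `/* Caller must ensure minconf <= tip height: the subtraction is unsigned and would otherwise wrap, to 0 (check disabled) or to a huge value (check ineffective). */`.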
@@ -511,17 +511,19 @@ def listpeers(self, peerid=None, level=None):
}
return self.call("listpeers", payload)

def fundchannel(self, node_id, satoshi, feerate=None, announce=True):
def fundchannel(self, node_id, satoshi, feerate=None, announce=True, minconf=None):
"""
Fund channel with {id} using {satoshi} satoshis
with feerate of {feerate} (uses default feerate if unset).
If {announce} is False, don't send channel announcements.
Only select outputs with {minconf} confirmations
"""
payload = {
"id": node_id,
"satoshi": satoshi,
"feerate": feerate,
"announce": announce
"announce": announce,
"minconf": minconf,
}
return self.call("fundchannel", payload)

@@ -588,15 +590,17 @@ def dev_memleak(self):
"""
return self.call("dev-memleak")

def withdraw(self, destination, satoshi, feerate=None):
def withdraw(self, destination, satoshi, feerate=None, minconf=None):
"""
Send to {destination} address {satoshi} (or "all")
amount via Bitcoin transaction
amount via Bitcoin transaction. Only select outputs
with {minconf} confirmations
"""
payload = {
"destination": destination,
"satoshi": satoshi,
"feerate": feerate
"feerate": feerate,
"minconf": minconf,
}
return self.call("withdraw", payload)
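Review bot: Both new docstrings say "Only select outputs with {minconf} confirmations", but the daemon side (`minconf_to_maxheight` and the `withdraw` command description in this PR) treats the value as a minimum; suggest `Only select outputs with at least {minconf} confirmations` in both `fundchannel` and `withdraw`. The `minconf=None` default presumably relies on `self.call` dropping `None`-valued payload entries so the daemon default of 1 applies, as `feerate=None` already does; worth confirming, since the payload literally carries `"minconf": None`.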

@@ -830,7 +830,7 @@ static struct command_result *json_fund_channel(struct command *cmd,
struct pubkey *id;
struct peer *peer;
struct channel *channel;
u32 *feerate_per_kw;
u32 *feerate_per_kw, *minconf, maxheight;
bool *announce_channel;
u8 *msg;
struct amount_sat max_funding_satoshi;
@@ -845,6 +845,7 @@ static struct command_result *json_fund_channel(struct command *cmd,
p_req("satoshi", param_wtx, &fc->wtx),
p_opt("feerate", param_feerate, &feerate_per_kw),
p_opt_def("announce", param_bool, &announce_channel, true),
p_opt_def("minconf", param_number, &minconf, 1),
NULL))
return command_param_failed();

@@ -890,8 +891,9 @@ static struct command_result *json_fund_channel(struct command *cmd,
type_to_string(fc, struct pubkey, id));
}

maxheight = minconf_to_maxheight(*minconf, cmd->ld);
res = wtx_select_utxos(&fc->wtx, *feerate_per_kw,
BITCOIN_SCRIPTPUBKEY_P2WSH_LEN);
BITCOIN_SCRIPTPUBKEY_P2WSH_LEN, maxheight);
if (res)
return res;

@@ -917,9 +919,9 @@ static struct command_result *json_fund_channel(struct command *cmd,
}

static const struct json_command fund_channel_command = {
"fundchannel",
json_fund_channel,
"Fund channel with {id} using {satoshi} (or 'all') satoshis, at optional {feerate}"
"fundchannel", json_fund_channel,
"Fund channel with {id} using {satoshi} (or 'all') satoshis, at optional "
"{feerate}. Only use outputs that have {minconf} confirmations."
};
AUTODATA(json_command, &fund_channel_command);

@@ -215,7 +215,7 @@ def test_closing_different_fees(node_factory, bitcoind, executor):
peers.append(p)

for p in peers:
p.channel = l1.rpc.fundchannel(p.info['id'], 10**6)['channel_id']
p.channel = l1.rpc.fundchannel(p.info['id'], 10**6, minconf=0)['channel_id']
# Technically, this is async to fundchannel returning.
l1.daemon.wait_for_log('sendrawtx exit 0')

@@ -1169,7 +1169,7 @@ def test_no_fee_estimate(node_factory, bitcoind, executor):

# Can with manual feerate.
l1.rpc.withdraw(l2.rpc.newaddr()['address'], 10000, '1500perkb')
l1.rpc.fundchannel(l2.info['id'], 10**6, '2000perkw')
l1.rpc.fundchannel(l2.info['id'], 10**6, '2000perkw', minconf=0)

# Make sure we clean up cahnnel for later attempt.
l1.daemon.wait_for_log('sendrawtx exit 0')
@@ -1554,3 +1554,28 @@ def test_fail_unconfirmed(node_factory, bitcoind, executor):

l1.rpc.connect(l2.info['id'], 'localhost', l2.port)
l1.fund_channel(l2, 200000, wait_for_active=True)


def test_change_chaining(node_factory, bitcoind):
"""Test change chaining of unconfirmed fundings
Change chaining is the case where one transaction is broadcast but not
confirmed yet and we already build a followup on top of the change. If the
first transaction doesn't confirm we may end up creating a series of
unconfirmable transactions. This is why we generally disallow chaining.
"""
l1, l2, l3 = node_factory.get_nodes(3)
l1.fundwallet(10**8) # This will create an output with 1 confirmation

# Now fund a channel from l1 to l2, that should succeed, with minconf=1 but not before
l1.connect(l2)
with pytest.raises(RpcError):
l1.rpc.fundchannel(l2.info['id'], 10**7, minconf=2)
l1.rpc.fundchannel(l2.info['id'], 10**7) # Defaults to minconf=1

# We don't have confirmed outputs anymore, so this should fail without minconf=0
l1.connect(l3)
with pytest.raises(RpcError):
l1.rpc.fundchannel(l3.info['id'], 10**7) # Defaults to minconf=1
l1.rpc.fundchannel(l3.info['id'], 10**7, minconf=0)
@@ -471,11 +471,11 @@ def test_withdraw(node_factory, bitcoind):
assert l1.db_query('SELECT COUNT(*) as c FROM outputs WHERE status=0')[0]['c'] == 6

# Test withdrawal to self.
l1.rpc.withdraw(l1.rpc.newaddr('bech32')['address'], 'all')
l1.rpc.withdraw(l1.rpc.newaddr('bech32')['address'], 'all', minconf=0)
bitcoind.generate_block(1)
assert l1.db_query('SELECT COUNT(*) as c FROM outputs WHERE status=0')[0]['c'] == 1

l1.rpc.withdraw(waddr, 'all')
l1.rpc.withdraw(waddr, 'all', minconf=0)
assert l1.db_query('SELECT COUNT(*) as c FROM outputs WHERE status=0')[0]['c'] == 0

# This should fail, can't even afford fee.
@@ -711,7 +711,9 @@ static bool test_wallet_outputs(struct lightningd *ld, const tal_t *ctx)
"wallet_add_utxo with close_info");

/* Now select them */
utxos = wallet_select_coins(w, w, AMOUNT_SAT(2), 0, 21, &fee_estimate, &change_satoshis);
utxos = wallet_select_coins(w, w, AMOUNT_SAT(2), 0, 21,
0 /* no confirmations required */,
&fee_estimate, &change_satoshis);
CHECK(utxos && tal_count(utxos) == 2);

u = *utxos[1];
@@ -254,6 +254,7 @@ static const struct utxo **wallet_select(const tal_t *ctx, struct wallet *w,
const u32 feerate_per_kw,
size_t outscriptlen,
bool may_have_change,
u32 maxheight,
struct amount_sat *satoshi_in,
struct amount_sat *fee_estimate)
{
@@ -283,6 +284,13 @@ static const struct utxo **wallet_select(const tal_t *ctx, struct wallet *w,
struct amount_sat needed;
struct utxo *u = tal_steal(utxos, available[i]);

/* If we require confirmations check that we have a
* confirmation height and that it is below the required
* maxheight (current_height - minconf */


niftynei Feb 21, 2019

Collaborator

ubernit: missing )

if (maxheight != 0 &&
(!u->blockheight || *u->blockheight > maxheight))


niftynei Feb 21, 2019

Collaborator

tbh i find maxheight not intuitive wrt what you're checking for here. maybe something like gated_confirmation_height or req_conf_height ... neither of these seems exactly right.


cdecker Feb 21, 2019

Author Member

Yeah, I've been going back and forth with the name; it's really the maximum acceptable confirmation height, and maybe the special value 0 is what makes it confusing.


rustyrussell Feb 22, 2019

Contributor

Yeah, 0-as-special here is OK. Sometimes I gratuitously use a pointer so NULL can mean "don't care"...

continue;

tal_arr_expand(&utxos, u);

if (!wallet_update_output_status(
@@ -332,14 +340,15 @@ const struct utxo **wallet_select_coins(const tal_t *ctx, struct wallet *w,
struct amount_sat sat,
const u32 feerate_per_kw,
size_t outscriptlen,
u32 maxheight,
struct amount_sat *fee_estimate,
struct amount_sat *change)
{
struct amount_sat satoshi_in;
const struct utxo **utxo;

utxo = wallet_select(ctx, w, sat, feerate_per_kw,
outscriptlen, true,
outscriptlen, true, maxheight,
&satoshi_in, fee_estimate);

/* Couldn't afford it? */
@@ -353,6 +362,7 @@ const struct utxo **wallet_select_coins(const tal_t *ctx, struct wallet *w,
const struct utxo **wallet_select_all(const tal_t *ctx, struct wallet *w,
const u32 feerate_per_kw,
size_t outscriptlen,
u32 maxheight,
struct amount_sat *value,
struct amount_sat *fee_estimate)
{
@@ -361,7 +371,7 @@ const struct utxo **wallet_select_all(const tal_t *ctx, struct wallet *w,

/* Huge value, but won't overflow on addition */
utxo = wallet_select(ctx, w, AMOUNT_SAT(1ULL << 56), feerate_per_kw,
outscriptlen, false,
outscriptlen, false, maxheight,
&satoshi_in, fee_estimate);

/* Can't afford fees? */
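Review bot: In wallet_select the new confirmation filter runs after `struct utxo *u = tal_steal(utxos, available[i]);`, so an output rejected by the `maxheight` check has already been reparented onto the result array's context before `continue` skips it; it is not returned, but it stays allocated under `utxos` for as long as the caller keeps the result. Moving the check above the steal keeps the returned allocation tree to the selected outputs only: `if (maxheight != 0 && (!available[i]->blockheight || *available[i]->blockheight > maxheight)) continue;` followed by `struct utxo *u = tal_steal(utxos, available[i]);`. The enclosing loop starts and ends outside the hunk, and whether `available` is itself a temporary freed before return is not visible here, so the cost may be transient.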
@@ -319,14 +319,16 @@ const struct utxo **wallet_select_coins(const tal_t *ctx, struct wallet *w,
struct amount_sat value,
const u32 feerate_per_kw,
size_t outscriptlen,
u32 maxheight,
struct amount_sat *fee_estimate,
struct amount_sat *change_satoshi);

const struct utxo **wallet_select_all(const tal_t *ctx, struct wallet *w,
const u32 feerate_per_kw,
size_t outscriptlen,
struct amount_sat *sat,
struct amount_sat *fee_estimate);
const u32 feerate_per_kw,
size_t outscriptlen,
u32 maxheight,
struct amount_sat *sat,
struct amount_sat *fee_estimate);

/**
* wallet_confirm_utxos - Once we've spent a set of utxos, mark them confirmed.
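Review bot: The new `maxheight` parameter on `wallet_select_coins` and `wallet_select_all` is undocumented, while the header's other functions carry `/** ... */` blocks (see `wallet_confirm_utxos` directly below), and the special value 0 is easy to misuse. Suggest a comment above each prototype: `/* maxheight: only select outputs confirmed at or below this block height (the caller derives it from the required confirmation count); 0 disables the confirmation check entirely. */`.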
@@ -101,6 +101,7 @@ static struct command_result *json_withdraw(struct command *cmd,
struct pubkey pubkey;
enum address_parse_result addr_parse;
struct command_result *res;
u32 *minconf, maxheight;

withdraw->cmd = cmd;
wtx_init(cmd, &withdraw->wtx, AMOUNT_SAT(-1ULL));
@@ -109,6 +110,7 @@ static struct command_result *json_withdraw(struct command *cmd,
p_req("destination", param_tok, &desttok),
p_req("satoshi", param_wtx, &withdraw->wtx),
p_opt("feerate", param_feerate, &feerate_per_kw),
p_opt_def("minconf", param_number, &minconf, 1),
NULL))
return command_param_failed();

@@ -138,8 +140,9 @@ static struct command_result *json_withdraw(struct command *cmd,
get_chainparams(cmd->ld)->network_name);
}

maxheight = minconf_to_maxheight(*minconf, cmd->ld);
res = wtx_select_utxos(&withdraw->wtx, *feerate_per_kw,
tal_count(withdraw->destination));
tal_count(withdraw->destination), maxheight);
if (res)
return res;

@@ -180,10 +183,14 @@ static struct command_result *json_withdraw(struct command *cmd,
}

static const struct json_command withdraw_command = {
"withdraw",
json_withdraw,
"Send to {destination} address {satoshi} (or 'all') amount via Bitcoin transaction, at optional {feerate}",
false, "Send funds from the internal wallet to the specified address. Either specify a number of satoshis to send or 'all' to sweep all funds in the internal wallet to the address."
"withdraw", json_withdraw,
"Send to {destination} address {satoshi} (or 'all') amount via Bitcoin "
"transaction, at optional {feerate}",
false,
"Send funds from the internal wallet to the specified address. Either "
"specify a number of satoshis to send or 'all' to sweep all funds in the "
"internal wallet to the address. Only use outputs that have at least "
"{minconf} confirmations."
};
AUTODATA(json_command, &withdraw_command);
