HTLC fulfillment flow does not give signer timely validation information #2356
Comments
|
Because we remove the inbound edge in response to the |
|
Alternatively, we could just provide the preimage "raw" in the outgoing channel to indicate that the claim is "in-progress", but that's a bit confusing cause the claim could revert after a reconnect (at which point we get free money). |
well, either way. we don't care when we get the preimage, as long as it's before the incoming HTLC disappears. we just want to be able to tell that the incoming now belongs to us, and when it goes away we can ensure that our balance in that channel has increased by that amount, which keeps the payment balanced. |
|
Sadly 0.0.117 exploded into a million tasks and this just isn't likely in the next few weeks if we want to get other important fixes out ASAP. |
|
Sorry, somehow this totally slipped off my plate. I think we do already provide the relevant preimage - |
|
right, I added that back in 2022. I think this issue was opened because the preimages are not actually provided when the incoming HTLC is removed. |
|
Oh, no, you're right, they're not provided. So the rationale we had is we were only providing preimages for outgoing HTLCs since that's what the counterparty is providing us. However, for incoming HTLCs we didn't provide the preimages since they're driving a balance increase, and we were assuming that the signer would always happily accept a balance increase (and compare that later against the decrease from a counterparty claim). If that's not the case, its rather trivial to also provide the inbound HTLC preimages. |
The VLS signer has a desire to see preimages for resolved forwarded HTLCs when they are first claimed by us, even if that claim was for the inbound edge (where claiming strictly increases our balance). Luckily, providing that information is rather trivial, which we do here. Fixes lightningdevkit#2356
The VLS signer has a desire to see preimages for resolved forwarded HTLCs when they are first claimed by us, even if that claim was for the inbound edge (where claiming strictly increases our balance). Luckily, providing that information is rather trivial, which we do here. Fixes lightningdevkit#2356
|
it's not trivial to correlate the balance increase with the HTLC disappearing. there may be multiple HTLCs being added and removed. it's much easier to do the accounting on a per-HTLC basis than to try to figure out the global balance. |
|
Right, I was thinking that you'd compare the set of HTLCs in each commitment transaction to figure that out, which I believe we do provide in full. |
|
but if we don't get the preimages at that point, we don't know which HTLCs are disappearing because failed and which are disappearing because fulfilled, which complicates the validation. |
|
Mmm, right, its still napscack. Anyway, #2753 should fix it for you. |
The VLS signer has a desire to see preimages for resolved forwarded HTLCs when they are first claimed by us, even if that claim was for the inbound edge (where claiming strictly increases our balance). Luckily, providing that information is rather trivial, which we do here. Fixes lightningdevkit#2356
|
great! |
The VLS signer has a desire to see preimages for resolved forwarded HTLCs when they are first claimed by us, even if that claim was for the inbound edge (where claiming strictly increases our balance). Luckily, providing that information is rather trivial, which we do here. Fixes lightningdevkit#2356
When fulfilling an HTLC, LDK removes the incoming (previous-hop) one first and does not provide a preimage to the signer. This makes it impossible for a validating signer to ensure no funds are lost.
the options are, in order of preference:
The first option will simplify the signer logic, because it will maintain the invariant that incoming value is always
>=outgoing value.Logs from a relevant functional test of LDK+VLS are here: https://gitlab.com/lightning-signer/validating-lightning-signer/-/issues/331
The text was updated successfully, but these errors were encountered: