Abandon API for pending Loop-in swaps

[hieblmi]

This PR introduces a AbandonSwap Api that currently supports only loop-in swaps. Any pending swap's status can be overridden with a new database state called StateFailAbandoned. This command relies on the users judgement to only abandon swaps that don't lead to loss of funds, e.g. if a swap is abandoned that had it's time out path not swept yet.

[bhandras]

Did a quick pass, looking good so far! I think we'll need some test coverage on the client side too. Essentially we want to make sure that calling the API in an on-going swap will indeed abandon it.

[lightninglabs-deploy]

@bhandras: review reminder

[GeorgeTsagk]

Very clean PR 🙌
I identified one issue with the usage of abandonChannel. Let me know if you agree and whether one of my suggestions make sense

[GeorgeTsagk]

why not include some basic info here?
Can't the "abandon" operation result in an error?

[sputn1ck]

Don't we usually have a pattern where if there is only one success state with no information we return an empty response (is in some lnd apis). If there is an error, we return an error

[GeorgeTsagk]

good choice 👍

[GeorgeTsagk]

nit: could fixup this commit? bit tiny

[GeorgeTsagk]

I think you need to change the core structure here. A single channel won't notify all swaps that are waiting to read from it.

Here's an example:
We have 3 loop-ins active, in1 in2 and in3
All of them are waiting to read from s.abandonChan in case the user requests for one of them to be abandoned

User wants to abandon in2 so they call AbandonSwap method and that method writes to s.abandonChan as shown in the line above.

A random swap will read that value once, and then the channel is going to be clear. Let's say that in the above example in1 is reading the value, it checks that in1 != in2 and continues with a noop. The intended swap never received the value over the channel because it was consumed only once by in1.

Here's 2 ways you can proceed with this:

1. Enhance the "abandonChan" into a structure that is able to hold multiple channels for each subscriber (i.e you could have a map[lntypes.Hash]chan Bool which means one dedicated channel for each swap). When user tries to AbandonSwap we will first find the correct channel by accessing the map, and then try to write to that channel.

2. The more hacky approach is for each loop-in to re-write the value of lntypes.Hash into the channel when they check it and realise it doesn't match theirs. In that case the value would be written only once on the channel from this speciifc line above, but then it would ping-pong between all active loop-ins until it would eventually reach the intended target. (hacky and dirty, but only 1 line of code)

[hieblmi]

Thank you for the thorough review and the nice catch. I prefer option 1.) to fix this.

[GeorgeTsagk]

Looks good! just 1 last comment about deleting abandon chans

[GeorgeTsagk]

Here we are not actually making use of the request context, but the current implementation of AbandonSwap is writing to a channel that is not buffered. Why not pass down the request context to the methods?

[GeorgeTsagk]

According to my previous comment we could make use of ctx here and do smth like this

Suggested change

	s.abandonChans[req.SwapHash] <- struct{}{}
	select {
	case s.abandonChans[req.SwapHash] <- struct{}{}:
	case ctx.Done():
	return ctx.Err()
	}

in order to avoid blocking indefinitely.

This also raises a new topic: How are channels erased from memory?
And I think an important parameter here is whether the channel is buffered or not (i.e whether you block while writing to it or not)

1. Buffered channel: That means you immediately return from the above line thus there is also no need for using ctx
   Note: How/When could we delete entries from the map in this case?
2. Unbuffered channel: That means we block in the above line and when the execution resumes either
   i) ctx is done
   ii) swap actually read the signal
   and since the channel is only used once we could safely then delete the channel from the map

Seems to me like sticking with 2 (unbuffered channels) is more simple, so I would suggest adding this line on top of the function

// When this function returns there is no use of the swap's abandon chan.
defer delete(s.abandonChans, req.SwapHash)

given that the upper block of code with the select statement and ctx is used too

[GeorgeTsagk]

Or if there is another place in the code where client receives signals from swaps when they reach a final state we could delete the map entry there, as it is no longer of use

[hieblmi]

Great points @GeorgeTsagk, thank you!

I think the defer delete however should only be applied if the swap was successfully abandoned, which could still fail even if it was sent on abandon channel. So one might try later again to abandon?

Let me check out the places where we delete from the map.

Thanks again.

[hieblmi]

The deletion introduces another problem, namely concurrent access to the channel map. I solved this by introducing a Mutx to the executor that is locked when a loop-in is created and locked again when a swap finishes.

Would be interested in alternative solutions.

[GeorgeTsagk]

Great work, LGTM 🤌

[bhandras]

Looks really good now! Just a question on my side whether we should allow abandoning a loopin swap if the client already published the htlc (because they won't sweep it back then and it'll just hang in limbo) and some smallish comments.

[bhandras]

nit: doc seems to be out of sync.

[bhandras]

See other comment, if we go with a simple error then there's no need to fix these comments.

[bhandras]

nit: seems out of sync.

[bhandras]

nit: add space at the end.

[bhandras]

nit: missing period.

[bhandras]

nit: missing period.

[sputn1ck]

to me the result struct here does not really make sense. The enums are only ever used in conjunction with an error (besides the ABANDON_IN_PROGRESS enum), this means that on the loop-cli side we will always just print the written out error instead of the enum. IMO the swap response can just be empty if successful and throw an error otherwise.

[bhandras]

I tend to agree with this.

[sputn1ck]

see earlier comment, but we will always error out, except on empty response.

[bhandras]

LGTM, pending decision about the status enum vs just returning an error.

[bhandras]

I tend to agree with this.

[bhandras]

See other comment, if we go with a simple error then there's no need to fix these comments.

[bhandras]

nit: can extract this block as a method and then reuse in waitForSwapToComplete too.

[bhandras]

Still applies.

[bhandras]

LGTM, pending the last few comments 🤓 Great work! 🎉

[bhandras]

nit: it seems there's no need for the line breaks as the delete still fits in 80 cols.

[bhandras]

Instead of passing in this map, it could just be instantiated in NewClient.

[bhandras]

Seems like this is not used?

[bhandras]

nit: no need for line break

[bhandras]

nit: extra nl

[bhandras]

not: no need for so many line breaks.

[bhandras]

nit: extra nl

[bhandras]

How about returning this simply from abandonSwapCancelInvoice()?

[hieblmi]

We rely on the error here, it might be that abandonSwapCancelInvoice() is not returning an error. Also the function might fail due db issues which we want to catch here.

[bhandras]

Perhaps this function could return a bool and and error indicating whether canceling the invoice is necessary. Alternatively, since this function is only called from one place you can just inline it there.

[hieblmi]

Ah right, setStateAbandoned could just handle state and invoice cancellation. Less code 👍

[bhandras]

nit: either move in previous commit or don't move here to make the diff smaller and consistent with the commit intent.

[sputn1ck]

Great work! tACK!

LGTM pending @bhandras comments

[sputn1ck]

nitty nit: missing godoc