Close pending channel when unexpected error is returned from PublishTransaction #5158
Conversation
In this commit, we will abort the funding flow when the error returned from PublishTransaction is unknown, which happens in two calls, in start() and in handleFundingSigned(). The pending open channel will be closed in the first case. In addition to that, the error message is sent to peer in the second case.
yyforyongyu
changed the title
yyforyongyu
changed the title
yyforyongyu
force-pushed
the
4760-fix-tx-error
branch
from
ba55e0b to
046c5b7
Compare
| "ChannelPoint(%v): %v", fundingTxBuf.Bytes(), | ||
| ch.FundingOutpoint, err) | ||
|
|
||
| // Note that the ErrDoubleSpend actually wraps two erros returned from |
There was a problem hiding this comment.
| // Note that the ErrDoubleSpend actually wraps two erros returned from | |
| // Note that the ErrDoubleSpend actually wraps two errors returned from |
|
With external funding I've had a case where the publish had an error but then the channel did confirm anyway and everything worked out. This was due to a funding tx that was valid but had an unconfirmed parent that was pushed out of the local mempool due to fee conditions, making the child invalid |
Sounds like it's due to the check here that causes the btcwallet to return an |
Crypt-iQ
added
funding
|
It could be dangerous to assume a publication error means the channel will never confirm. An alternative solution that could be more "safe" is one I started way back: #1755 Essentially the idea here was to make it possible to "release" the inputs used to the funding tx, and then wait for them to be spent before abandoning the channel. |
Not disagreeing, but under what circumstances can this occur? |
Yeah agreed. I think one direction is to look deeper into what is causing the publication error, probably here in btcwallet and here in The other solution you mentioned, if I got it right, which is to double spend the input then fails the channel. This is nice as we don't need to examine each of the errors. However what if the input was never spent again and the pending channel would stuck there forever? |
Alex mentioned one above. Also in case of Neutrino we currently just look at any errors the peers sends us (tbh we should probably change this) to determine if publication succeeded. This means that the peer could easily trick us by sending a fake reject.
I think this is just a cosmetic edge case. If the input is never spent again then the use most likely isn't actively using the wallet. |
how did the channel eventually confirm? |
I'd imagine a case where you have an unconfirrmed parent, that isn't present on the local machine but then it does confirm, you restart lnd, this rebroadcasts, now your channel that failed broadcast locally initially is confirmed |
|
In Alex's scenario with this patch, the funding tx would not be broadcast and then the pending channel is failed. Which would be fine as rebroadcast would not be attempted on startup (and thus won't ever get into the mempool). For neutrino, as Johan said, the peer could lie in For the PR that Johan linked, it would forget the channel if the funding tx's inputs are used. But, if lnd has locked these inputs, it may not be possible to spend these inputs and forget the channel. The linked issue is mostly concerned with policy-level checks. I think we could do some sanity checks before the transaction is ever broadcast in |
|
!lightninglabs-deploy mute 2022-Feb-21 |
Roasbeef
added
P1
|
@yyforyongyu please ping when ready for review. |
|
@bhandras: review reminder |
|
Superseded by #6400? |
|
Replaced by #6400. |
|
Since this PR is replaced by #6400, removed the release milestone |
8 participants
Fix #4760
We will abort the funding flow and close the pending channel if the returned error from
PublishTransactionis unexpected.