Add anchor outputs pair in commitment tx

The anchor ouputs pair is added if there are pending HTLCs. Or a
a per-party anchor is added if this party has a pending balance.

Author: Antoine Riard

lightning/src/ln/channel.rs

@@ -906,8 +906,6 @@ impl<ChanSigner: ChannelKeys> Channel<ChanSigner> {
 			}
 		}
 
-		// If we initiate the commitment update, inbound HTLC flowing from our counterparty
-		// to us
 		for ref htlc in self.pending_inbound_htlcs.iter() {
 			let (include, state_name) = match htlc.state {
 				InboundHTLCState::RemoteAnnounced(_) => (!building_for_counterparty, "RemoteAnnounced"),
@@ -987,14 +985,27 @@ impl<ChanSigner: ChannelKeys> Channel<ChanSigner> {
 			broadcaster_max_commitment_tx_output.1 = cmp::max(broadcaster_max_commitment_tx_output.1, counterparty_value_msat as u64);
 		}
 
-		let total_fee = feerate_per_kw as u64 * (COMMITMENT_TX_BASE_WEIGHT + (txouts.len() as u64) * COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000;
+		// If `option_anchor_output` applies to the commitment transaction,
+		// * we account anchor output weight in commitment *expected weight*
+		// * we substract two times the fixed anchor sizze of 330 sats from funder balance
+		//
+		// Note, we already enforced that funder can afford two anchors at `update_add_htlc`
+		// acceptance.
+
+		let total_fee: u64 = feerate_per_kw as u64 * (COMMITMENT_TX_BASE_WEIGHT + (txouts.len() as u64) * COMMITMENT_TX_WEIGHT_PER_HTLC + 2 * COMMITMENT_TX_WEIGHT_PER_ANCHOR) / (1000 as u64);
+
 		let (holder_value, counterparty_value) = if self.channel_outbound {
-			(holder_value_msat / 1000 - total_fee as i64, counterparty_value_msat / 1000)
+			(holder_value_msat / 1000 - total_fee as i64 - 2 * ANCHOR_OUTPUT_VALUE as i64, counterparty_value_msat / 1000)
 		} else {
-			(holder_value_msat / 1000, counterparty_value_msat / 1000 - total_fee as i64)
+			(holder_value_msat / 1000, counterparty_value_msat / 1000 - total_fee as i64 - 2 * ANCHOR_OUTPUT_VALUE as i64)
 		};
 
 		let (value_to_a, value_to_b) = if !building_for_counterparty { (holder_value, counterparty_value) } else { (counterparty_value, holder_value) };
+		let (funding_pubkey_a, funding_pubkey_b) = if !building_for_counterparty {
+			(self.holder_keys.pubkeys().funding_pubkey, self.counterparty_pubkeys.as_ref().unwrap().funding_pubkey)
+		} else {
+			(self.counterparty_pubkeys.as_ref().unwrap().funding_pubkey, self.holder_keys.pubkeys().funding_pubkey)
+		};
 
 		if value_to_a >= (broadcaster_dust_limit_satoshis as i64) {
 			log_trace!(logger, "   ...including {} output with value {}", if !building_for_counterparty { "to_local" } else { "to_remote" }, value_to_a);
@@ -1021,6 +1032,27 @@ impl<ChanSigner: ChannelKeys> Channel<ChanSigner> {
 			}, None));
 		}
 
+		// If `option_anchor_output` applies to the commitment transaction, we materialize
+		// anchors :
+		//  * we add anchors for both parties, if we have untrimmed HTLCs outputs
+		//  * we add anchor for a party, if its balance is present
+		let has_htlcs = counterparty_htlc_total_msat + holder_htlc_total_msat > 0;
+		if has_htlcs || value_to_a >= (broadcaster_dust_limit_satoshis as i64) {
+			log_trace!(logger, "   ...including {} anchor output with value {}", if !building_for_counterparty { "to_local" } else { "to_remote" }, ANCHOR_OUTPUT_VALUE);
+			txouts.push((TxOut {
+				script_pubkey: chan_utils::get_anchor_redeemscript(&funding_pubkey_a).to_v0_p2wsh(),
+				value: ANCHOR_OUTPUT_VALUE,
+			}, None));
+		}
+
+		if has_htlcs || value_to_b >= (broadcaster_dust_limit_satoshis as i64) {
+			log_trace!(logger, "   ...including {} anchor output with value {}", if !building_for_counterparty { "to_remote" } else { "to_local" }, ANCHOR_OUTPUT_VALUE);
+			txouts.push((TxOut {
+				script_pubkey: chan_utils::get_anchor_redeemscript(&funding_pubkey_b).to_v0_p2wsh(),
+				value: ANCHOR_OUTPUT_VALUE,
+			}, None));
+		}
+
 		transaction_utils::sort_outputs(&mut txouts, |a, b| {
 			if let &Some(ref a_htlc) = a {
 				if let &Some(ref b_htlc) = b {

lightning/src/ln/functional_test_utils.rs

@@ -12,6 +12,7 @@
 
 use chain::chaininterface;
 use chain::transaction::OutPoint;
+use ln::channel::ANCHOR_OUTPUT_VALUE;
 use ln::channelmanager::{ChannelManager, ChannelManagerReadArgs, RAACommitmentOrder, PaymentPreimage, PaymentHash, PaymentSecret, PaymentSendFailure};
 use ln::channelmonitor::{ChannelMonitor, ManyChannelMonitor};
 use routing::router::{Route, get_route};
@@ -1229,6 +1230,16 @@ pub fn check_preimage_claim<'a, 'b, 'c>(node: &Node<'a, 'b, 'c>, prev_txn: &Vec<
 	res
 }
 
+pub fn check_anchor_output(tx: &Transaction, anchors: u32) {
+	let mut counting = 0;
+	for outp in &tx.output {
+		if outp.value == ANCHOR_OUTPUT_VALUE {
+			counting += 1;
+		}
+	}
+	assert_eq!(counting, anchors);
+}
+
 pub fn get_announce_close_broadcast_events<'a, 'b, 'c>(nodes: &Vec<Node<'a, 'b, 'c>>, a: usize, b: usize)  {
 	let events_1 = nodes[a].node.get_and_clear_pending_msg_events();
 	assert_eq!(events_1.len(), 1);

lightning/src/ln/functional_tests.rs

@@ -596,8 +596,8 @@ fn test_update_fee_that_funder_cannot_afford() {
 		let commitment_tx = get_local_commitment_txn!(nodes[1], channel_id)[0].clone();
 
 		//We made sure neither party's funds are below the dust limit so -2 non-HTLC txns from number of outputs and -2 for anchor outputs
-		let num_htlcs = commitment_tx.output.len() - 2; //TODO: add +2 in next commit
-		let mut total_fee: u64 = feerate as u64 * (COMMITMENT_TX_BASE_WEIGHT + (num_htlcs as u64) * COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000; //TODO: add anchor weight in next commit
+		let num_htlcs = commitment_tx.output.len() - 4;
+		let mut total_fee: u64 = feerate as u64 * (COMMITMENT_TX_BASE_WEIGHT + (num_htlcs as u64) * COMMITMENT_TX_WEIGHT_PER_HTLC + 2 * COMMITMENT_TX_WEIGHT_PER_ANCHOR) / 1000;
 		let mut actual_fee = commitment_tx.output.iter().fold(0, |acc, output| acc + output.value);
 		actual_fee = channel_value - actual_fee;
 		assert_eq!(total_fee, actual_fee);
@@ -1487,7 +1487,8 @@ fn test_duplicate_htlc_different_direction_onchain() {
 	// Broadcast node 1 commitment txn
 	let remote_txn = get_local_commitment_txn!(nodes[1], chan_1.2);
 
-	assert_eq!(remote_txn[0].output.len(), 4); // 1 local, 1 remote, 1 htlc inbound, 1 htlc outbound
+	assert_eq!(remote_txn[0].output.len(), 6); // 1 local, 1 remote, 1 htlc inbound, 1 htlc outbound, 2 anchors
+	check_anchor_output(&remote_txn[0], 2);
 	let mut has_both_htlcs = 0; // check htlcs match ones committed
 	for outp in remote_txn[0].output.iter() {
 		if outp.value == 800_000 / 1000 {
@@ -1617,21 +1618,21 @@ fn test_fee_spike_violation_fails_htlc() {
 
 	// Get the EnforcingChannelKeys for each channel, which will be used to (1) get the keys
 	// needed to sign the new commitment tx and (2) sign the new commitment tx.
-	let (local_revocation_basepoint, local_htlc_basepoint, local_payment_point, local_secret, local_secret2) = {
+	let (local_revocation_basepoint, local_htlc_basepoint, local_payment_point, local_secret, local_secret2, local_funding_pubkey) = {
 		let chan_lock = nodes[0].node.channel_state.lock().unwrap();
 		let local_chan = chan_lock.by_id.get(&chan.2).unwrap();
 		let chan_keys = local_chan.get_keys();
 		let pubkeys = chan_keys.pubkeys();
 		(pubkeys.revocation_basepoint, pubkeys.htlc_basepoint, pubkeys.payment_point,
-		 chan_keys.release_commitment_secret(INITIAL_COMMITMENT_NUMBER), chan_keys.release_commitment_secret(INITIAL_COMMITMENT_NUMBER - 2))
+		 chan_keys.release_commitment_secret(INITIAL_COMMITMENT_NUMBER), chan_keys.release_commitment_secret(INITIAL_COMMITMENT_NUMBER - 2), pubkeys.funding_pubkey)
 	};
-	let (remote_delayed_payment_basepoint, remote_htlc_basepoint, remote_payment_point, remote_secret1) = {
+	let (remote_delayed_payment_basepoint, remote_htlc_basepoint, remote_payment_point, remote_secret1, remote_funding_pubkey) = {
 		let chan_lock = nodes[1].node.channel_state.lock().unwrap();
 		let remote_chan = chan_lock.by_id.get(&chan.2).unwrap();
 		let chan_keys = remote_chan.get_keys();
 		let pubkeys = chan_keys.pubkeys();
 		(pubkeys.delayed_payment_basepoint, pubkeys.htlc_basepoint, pubkeys.payment_point,
-		 chan_keys.release_commitment_secret(INITIAL_COMMITMENT_NUMBER - 1))
+		 chan_keys.release_commitment_secret(INITIAL_COMMITMENT_NUMBER - 1), pubkeys.funding_pubkey)
 	};
 
 	// Assemble the set of keys we can use for signatures for our commitment_signed message.
@@ -1642,7 +1643,7 @@ fn test_fee_spike_violation_fails_htlc() {
 
 	// Build the remote commitment transaction so we can sign it, and then later use the
 	// signature for the commitment_signed message.
-	let local_chan_balance = 2058;
+	let local_chan_balance = 1311;
 	let static_payment_pk = local_payment_point.serialize();
 	let remote_commit_tx_output = TxOut {
 				script_pubkey: Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0)
@@ -1663,7 +1664,17 @@ fn test_fee_spike_violation_fails_htlc() {
 		amount_msat: 3460001,
 		cltv_expiry: htlc_cltv,
 		payment_hash: payment_hash,
-		transaction_output_index: Some(1),
+		transaction_output_index: Some(3),
+	};
+
+	let local_anchor_output = TxOut {
+		script_pubkey: chan_utils::get_anchor_redeemscript(&local_funding_pubkey).to_v0_p2wsh(),
+		value: 330,
+	};
+
+	let remote_anchor_output = TxOut {
+		script_pubkey: chan_utils::get_anchor_redeemscript(&remote_funding_pubkey).to_v0_p2wsh(),
+		value: 330,
 	};
 
 	let htlc_output = TxOut {
@@ -1699,8 +1710,11 @@ fn test_fee_spike_violation_fails_htlc() {
 		version: 2,
 		lock_time,
 		input: vec![input],
-		output: vec![remote_commit_tx_output, htlc_output, local_commit_tx_output],
+		output: vec![remote_anchor_output, local_anchor_output, remote_commit_tx_output, htlc_output, local_commit_tx_output],
 	};
+	for outp in commit_tx.output.iter() {
+		println!("Scriptpubkey {} value {}", outp.script_pubkey, outp.value);
+	}
 	let res = {
 		let local_chan_lock = nodes[0].node.channel_state.lock().unwrap();
 		let local_chan = local_chan_lock.by_id.get(&chan.2).unwrap();
@@ -2509,7 +2523,8 @@ fn test_justice_tx() {
 	assert_eq!(revoked_local_txn.len(), 2); // First commitment tx, then HTLC tx
 	assert_eq!(revoked_local_txn[0].input.len(), 1);
 	assert_eq!(revoked_local_txn[0].input[0].previous_output.txid, chan_5.3.txid());
-	assert_eq!(revoked_local_txn[0].output.len(), 2); // Only HTLC and output back to 0 are present
+	assert_eq!(revoked_local_txn[0].output.len(), 4); // Only HTLC and output back to 0 are present (+ 0's anchor)
+	check_anchor_output(&revoked_local_txn[0], 2);
 	assert_eq!(revoked_local_txn[1].input.len(), 1);
 	assert_eq!(revoked_local_txn[1].input[0].previous_output.txid, revoked_local_txn[0].txid());
 	assert_eq!(revoked_local_txn[1].input[0].witness.last().unwrap().len(), OFFERED_HTLC_SCRIPT_WEIGHT); // HTLC-Timeout
@@ -2560,7 +2575,8 @@ fn test_justice_tx() {
 	assert_eq!(revoked_local_txn.len(), 1); // Only commitment tx
 	assert_eq!(revoked_local_txn[0].input.len(), 1);
 	assert_eq!(revoked_local_txn[0].input[0].previous_output.txid, chan_6.3.txid());
-	assert_eq!(revoked_local_txn[0].output.len(), 2); // Only HTLC and output back to A are present
+	assert_eq!(revoked_local_txn[0].output.len(), 4); // Only HTLC and output back to A are present (+ A's anchor)
+	check_anchor_output(&revoked_local_txn[0], 2);
 	// Revoke the old state
 	claim_payment(&nodes[0], &vec!(&nodes[1])[..], payment_preimage_4, 3_000_000);
 	{
@@ -2602,7 +2618,8 @@ fn revoked_output_claim() {
 	let revoked_local_txn = get_local_commitment_txn!(nodes[0], chan_1.2);
 	assert_eq!(revoked_local_txn.len(), 1);
 	// Only output is the full channel value back to nodes[0]:
-	assert_eq!(revoked_local_txn[0].output.len(), 1);
+	assert_eq!(revoked_local_txn[0].output.len(), 2);
+	check_anchor_output(&revoked_local_txn[0], 1);
 	// Send a payment through, updating everyone's latest commitment txn
 	send_payment(&nodes[0], &vec!(&nodes[1])[..], 5000000, 5_000_000);
 
@@ -3141,7 +3158,8 @@ fn do_test_commitment_revoked_fail_backward_exhaustive(deliver_bs_raa: bool, use
 	let (payment_preimage, _payment_hash) = route_payment(&nodes[0], &[&nodes[1], &nodes[2]], if no_to_remote { 10_000 } else { 3_000_000 });
 	// Get the will-be-revoked local txn from nodes[2]
 	let revoked_local_txn = get_local_commitment_txn!(nodes[2], chan_2.2);
-	assert_eq!(revoked_local_txn[0].output.len(), if no_to_remote { 1 } else { 2 });
+	assert_eq!(revoked_local_txn[0].output.len(), if no_to_remote { 3 } else { 4 });
+	check_anchor_output(&revoked_local_txn[0], 2);
 	// Revoke the old state
 	claim_payment(&nodes[0], &[&nodes[1], &nodes[2]], payment_preimage, if no_to_remote { 10_000 } else { 3_000_000});
 
@@ -4804,6 +4822,7 @@ fn test_claim_sizeable_push_msat() {
 	assert_eq!(node_txn.len(), 1);
 	check_spends!(node_txn[0], chan.3);
 	assert_eq!(node_txn[0].output.len(), 2); // We can't force trimming of to_remote output as channel_reserve_satoshis block us to do so at channel opening
+	check_anchor_output(&node_txn[0], 1);
 
 	let header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
 	nodes[1].block_notifier.block_connected(&Block { header, txdata: vec![node_txn[0].clone()] }, 0);
@@ -4832,6 +4851,7 @@ fn test_claim_on_remote_sizeable_push_msat() {
 	assert_eq!(node_txn.len(), 1);
 	check_spends!(node_txn[0], chan.3);
 	assert_eq!(node_txn[0].output.len(), 2); // We can't force trimming of to_remote output as channel_reserve_satoshis block us to do so at channel opening
+	check_anchor_output(&node_txn[0], 1);
 
 	let header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
 	nodes[1].block_notifier.block_connected(&Block { header, txdata: vec![node_txn[0].clone()] }, 0);
@@ -5415,7 +5435,8 @@ fn do_test_fail_backwards_unrevoked_remote_announce(deliver_last_raa: bool, anno
 	// Rebalance and check output sanity...
 	send_payment(&nodes[0], &[&nodes[2], &nodes[3], &nodes[4]], 500000, 500_000);
 	send_payment(&nodes[1], &[&nodes[2], &nodes[3], &nodes[5]], 500000, 500_000);
-	assert_eq!(get_local_commitment_txn!(nodes[3], chan.2)[0].output.len(), 2);
+	assert_eq!(get_local_commitment_txn!(nodes[3], chan.2)[0].output.len(), 4);
+	check_anchor_output(&get_local_commitment_txn!(nodes[3], chan.2)[0], 2);
 
 	let ds_dust_limit = nodes[3].node.channel_state.lock().unwrap().by_id.get(&chan.2).unwrap().holder_dust_limit_satoshis;
 	// 0th HTLC:
@@ -5455,7 +5476,8 @@ fn do_test_fail_backwards_unrevoked_remote_announce(deliver_last_raa: bool, anno
 	// We now have six HTLCs pending over the dust limit and six HTLCs under the dust limit (ie,
 	// with to_local and to_remote outputs, 8 outputs and 6 HTLCs not included).
 	assert_eq!(get_local_commitment_txn!(nodes[3], chan.2).len(), 1);
-	assert_eq!(get_local_commitment_txn!(nodes[3], chan.2)[0].output.len(), 8);
+	assert_eq!(get_local_commitment_txn!(nodes[3], chan.2)[0].output.len(), 10);
+	check_anchor_output(&get_local_commitment_txn!(nodes[3], chan.2)[0], 2);
 
 	// Now fail back three of the over-dust-limit and three of the under-dust-limit payments in one go.
 	// Fail 0th below-dust, 4th above-dust, 8th above-dust, 10th below-dust HTLCs
@@ -7510,7 +7532,8 @@ fn test_data_loss_protect() {
 	let node_txn = nodes[1].tx_broadcaster.txn_broadcasted.lock().unwrap().clone();
 	assert_eq!(node_txn.len(), 1);
 	check_spends!(node_txn[0], chan.3);
-	assert_eq!(node_txn[0].output.len(), 2);
+	assert_eq!(node_txn[0].output.len(), 4);
+	check_anchor_output(&node_txn[0], 2);
 	let header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42};
 	nodes[0].block_notifier.block_connected(&Block { header, txdata: vec![node_txn[0].clone()]}, 0);
 	connect_blocks(&nodes[0].block_notifier, ANTI_REORG_DELAY - 1, 0, true, header.block_hash());
@@ -7648,7 +7671,8 @@ fn test_bump_penalty_txn_on_revoked_commitment() {
 
 	let revoked_txn = get_local_commitment_txn!(nodes[0], chan.2);
 	// Revoked commitment txn with 4 outputs : to_local, to_remote, 1 outgoing HTLC, 1 incoming HTLC
-	assert_eq!(revoked_txn[0].output.len(), 4);
+	assert_eq!(revoked_txn[0].output.len(), 6);
+	check_anchor_output(&revoked_txn[0], 2);
 	assert_eq!(revoked_txn[0].input.len(), 1);
 	assert_eq!(revoked_txn[0].input[0].previous_output.txid, chan.3.txid());
 	let revoked_txid = revoked_txn[0].txid();
@@ -7873,7 +7897,8 @@ fn test_bump_penalty_txn_on_remote_commitment() {
 
 	// Remote commitment txn with 4 outputs : to_local, to_remote, 1 outgoing HTLC, 1 incoming HTLC
 	let remote_txn = get_local_commitment_txn!(nodes[0], chan.2);
-	assert_eq!(remote_txn[0].output.len(), 4);
+	assert_eq!(remote_txn[0].output.len(), 6);
+	check_anchor_output(&remote_txn[0], 2);
 	assert_eq!(remote_txn[0].input.len(), 1);
 	assert_eq!(remote_txn[0].input[0].previous_output.txid, chan.3.txid());
 
@@ -7982,7 +8007,8 @@ fn test_set_outpoints_partial_claiming() {
 	// Remote commitment txn with 4 outputs: to_local, to_remote, 2 outgoing HTLC
 	let remote_txn = get_local_commitment_txn!(nodes[1], chan.2);
 	assert_eq!(remote_txn.len(), 3);
-	assert_eq!(remote_txn[0].output.len(), 4);
+	assert_eq!(remote_txn[0].output.len(), 6);
+	check_anchor_output(&remote_txn[0], 2);
 	assert_eq!(remote_txn[0].input.len(), 1);
 	assert_eq!(remote_txn[0].input[0].previous_output.txid, chan.3.txid());
 	check_spends!(remote_txn[1], remote_txn[0]);