Add bigger test for failing HTLCs claimed through revocation

Author: TheBlueMatt

src/ln/channelmanager.rs

@@ -3388,7 +3388,7 @@ mod tests {
 	use rand::{thread_rng,Rng};
 
 	use std::cell::RefCell;
-	use std::collections::{BTreeSet, HashMap};
+	use std::collections::{BTreeSet, HashMap, HashSet};
 	use std::default::Default;
 	use std::rc::Rc;
 	use std::sync::{Arc, Mutex};
@@ -6473,6 +6473,227 @@ mod tests {
 		}
 	}
 
+	fn do_test_commitment_revoked_fail_backward_exhaustive(deliver_bs_raa: bool) {
+		// Test that if our counterparty broadcasts a revoked commitment transaction we fail all
+		// pending HTLCs on that channel backwards even if the HTLCs aren't present in our latest
+		// commitment transaction anymore.
+		// To do this, we have the peer which will broadcast a revoked commitment transaction send
+		// a number of update_fail/commitment_signed updates without ever sending the RAA in
+		// response to our commitment_signed. This is somewhat misbehavior-y, though not
+		// technically disallowed and we should probably handle it reasonably.
+		// Note that this is pretty exhaustive as an outbound HTLC which we haven't yet
+		// failed/fulfilled backwards must be in at least one of the latest two remote commitment
+		// transactions:
+		// * Once we move it out of our holding cell/add it, we will immediately include it in a
+		//   commitment_signed (implying it will be in the latest remote commitment transaction).
+		// * Once they remove it, we will send a (the first) commitment_signed without the HTLC,
+		//   and once they revoke the previous commitment transaction (allowing us to send a new
+		//   commitment_signed) we will be free to fail/fulfill the HTLC backwards.
+		let mut nodes = create_network(3);
+
+		// Create some initial channels
+		create_announced_chan_between_nodes(&nodes, 0, 1);
+		let chan_2 = create_announced_chan_between_nodes(&nodes, 1, 2);
+
+		let (payment_preimage, _payment_hash) = route_payment(&nodes[0], &[&nodes[1], &nodes[2]], 3000000);
+		// Get the will-be-revoked local txn from nodes[2]
+		let revoked_local_txn = nodes[2].node.channel_state.lock().unwrap().by_id.get(&chan_2.2).unwrap().last_local_commitment_txn.clone();
+		// Revoke the old state
+		claim_payment(&nodes[0], &[&nodes[1], &nodes[2]], payment_preimage);
+
+		let (_, first_payment_hash) = route_payment(&nodes[0], &[&nodes[1], &nodes[2]], 3000000);
+		let (_, second_payment_hash) = route_payment(&nodes[0], &[&nodes[1], &nodes[2]], 3000000);
+		let (_, third_payment_hash) = route_payment(&nodes[0], &[&nodes[1], &nodes[2]], 3000000);
+
+		assert!(nodes[2].node.fail_htlc_backwards(&first_payment_hash, PaymentFailReason::PreimageUnknown));
+		check_added_monitors!(nodes[2], 1);
+		let updates = get_htlc_update_msgs!(nodes[2], nodes[1].node.get_our_node_id());
+		assert!(updates.update_add_htlcs.is_empty());
+		assert!(updates.update_fulfill_htlcs.is_empty());
+		assert!(updates.update_fail_malformed_htlcs.is_empty());
+		assert_eq!(updates.update_fail_htlcs.len(), 1);
+		assert!(updates.update_fee.is_none());
+		nodes[1].node.handle_update_fail_htlc(&nodes[2].node.get_our_node_id(), &updates.update_fail_htlcs[0]).unwrap();
+		let bs_raa = commitment_signed_dance!(nodes[1], nodes[2], updates.commitment_signed, false, true, false, true);
+		// Drop the last RAA from 3 -> 2
+
+		assert!(nodes[2].node.fail_htlc_backwards(&second_payment_hash, PaymentFailReason::PreimageUnknown));
+		check_added_monitors!(nodes[2], 1);
+		let updates = get_htlc_update_msgs!(nodes[2], nodes[1].node.get_our_node_id());
+		assert!(updates.update_add_htlcs.is_empty());
+		assert!(updates.update_fulfill_htlcs.is_empty());
+		assert!(updates.update_fail_malformed_htlcs.is_empty());
+		assert_eq!(updates.update_fail_htlcs.len(), 1);
+		assert!(updates.update_fee.is_none());
+		nodes[1].node.handle_update_fail_htlc(&nodes[2].node.get_our_node_id(), &updates.update_fail_htlcs[0]).unwrap();
+		nodes[1].node.handle_commitment_signed(&nodes[2].node.get_our_node_id(), &updates.commitment_signed).unwrap();
+		check_added_monitors!(nodes[1], 1);
+		// Note that nodes[1] is in AwaitingRAA, so won't send a CS
+		let as_raa = get_event_msg!(nodes[1], MessageSendEvent::SendRevokeAndACK, nodes[2].node.get_our_node_id());
+		nodes[2].node.handle_revoke_and_ack(&nodes[1].node.get_our_node_id(), &as_raa).unwrap();
+		check_added_monitors!(nodes[2], 1);
+
+		assert!(nodes[2].node.fail_htlc_backwards(&third_payment_hash, PaymentFailReason::PreimageUnknown));
+		check_added_monitors!(nodes[2], 1);
+		let updates = get_htlc_update_msgs!(nodes[2], nodes[1].node.get_our_node_id());
+		assert!(updates.update_add_htlcs.is_empty());
+		assert!(updates.update_fulfill_htlcs.is_empty());
+		assert!(updates.update_fail_malformed_htlcs.is_empty());
+		assert_eq!(updates.update_fail_htlcs.len(), 1);
+		assert!(updates.update_fee.is_none());
+		nodes[1].node.handle_update_fail_htlc(&nodes[2].node.get_our_node_id(), &updates.update_fail_htlcs[0]).unwrap();
+		// At this point first_payment_hash has dropped out of the latest two commitment
+		// transactions that nodes[1] is tracking...
+		nodes[1].node.handle_commitment_signed(&nodes[2].node.get_our_node_id(), &updates.commitment_signed).unwrap();
+		check_added_monitors!(nodes[1], 1);
+		// Note that nodes[1] is (still) in AwaitingRAA, so won't send a CS
+		let as_raa = get_event_msg!(nodes[1], MessageSendEvent::SendRevokeAndACK, nodes[2].node.get_our_node_id());
+		nodes[2].node.handle_revoke_and_ack(&nodes[1].node.get_our_node_id(), &as_raa).unwrap();
+		check_added_monitors!(nodes[2], 1);
+
+		// Add a fourth HTLC, this one will get sequestered away in nodes[1]'s holding cell waiting
+		// on nodes[2]'s RAA.
+		let route = nodes[1].router.get_route(&nodes[2].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
+		let (_, fourth_payment_hash) = get_payment_preimage_hash!(nodes[0]);
+		nodes[1].node.send_payment(route, fourth_payment_hash).unwrap();
+		assert!(nodes[1].node.get_and_clear_pending_msg_events().is_empty());
+		assert!(nodes[1].node.get_and_clear_pending_events().is_empty());
+		check_added_monitors!(nodes[1], 0);
+
+		if deliver_bs_raa {
+			nodes[1].node.handle_revoke_and_ack(&nodes[2].node.get_our_node_id(), &bs_raa).unwrap();
+			// One monitor for the new revocation preimage, one as we generate a commitment for
+			// nodes[0] to fail first_payment_hash backwards.
+			check_added_monitors!(nodes[1], 2);
+		}
+
+		let mut failed_htlcs = HashSet::new();
+		assert!(nodes[1].node.get_and_clear_pending_events().is_empty());
+
+		let header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42};
+		nodes[1].chain_monitor.block_connected_with_filtering(&Block { header, txdata: vec![revoked_local_txn[0].clone()] }, 1);
+
+		let events = nodes[1].node.get_and_clear_pending_events();
+		assert_eq!(events.len(), 1);
+		match events[0] {
+			Event::PaymentFailed { ref payment_hash, .. } => {
+				assert_eq!(*payment_hash, fourth_payment_hash);
+			},
+			_ => panic!("Unexpected event"),
+		}
+
+		if !deliver_bs_raa {
+			// If we delivered the RAA already then we already failed first_payment_hash backwards.
+			check_added_monitors!(nodes[1], 1);
+		}
+
+		let events = nodes[1].node.get_and_clear_pending_msg_events();
+		assert_eq!(events.len(), if deliver_bs_raa { 3 } else { 2 });
+		match events[if deliver_bs_raa { 2 } else { 0 }] {
+			MessageSendEvent::BroadcastChannelUpdate { msg: msgs::ChannelUpdate { .. } } => {},
+			_ => panic!("Unexpected event"),
+		}
+		if deliver_bs_raa {
+			match events[0] {
+				MessageSendEvent::UpdateHTLCs { ref node_id, updates: msgs::CommitmentUpdate { ref update_add_htlcs, ref update_fail_htlcs, ref update_fulfill_htlcs, ref update_fail_malformed_htlcs, .. } } => {
+					assert_eq!(nodes[2].node.get_our_node_id(), *node_id);
+					assert_eq!(update_add_htlcs.len(), 1);
+					assert!(update_fulfill_htlcs.is_empty());
+					assert!(update_fail_htlcs.is_empty());
+					assert!(update_fail_malformed_htlcs.is_empty());
+				},
+				_ => panic!("Unexpected event"),
+			}
+		}
+		// Due to the way backwards-failing occurs we do the updates in two steps.
+		let updates = match events[1] {
+			MessageSendEvent::UpdateHTLCs { ref node_id, updates: msgs::CommitmentUpdate { ref update_add_htlcs, ref update_fail_htlcs, ref update_fulfill_htlcs, ref update_fail_malformed_htlcs, ref commitment_signed, .. } } => {
+				assert!(update_add_htlcs.is_empty());
+				assert_eq!(update_fail_htlcs.len(), 1);
+				assert!(update_fulfill_htlcs.is_empty());
+				assert!(update_fail_malformed_htlcs.is_empty());
+				assert_eq!(nodes[0].node.get_our_node_id(), *node_id);
+
+				nodes[0].node.handle_update_fail_htlc(&nodes[1].node.get_our_node_id(), &update_fail_htlcs[0]).unwrap();
+				nodes[0].node.handle_commitment_signed(&nodes[1].node.get_our_node_id(), commitment_signed).unwrap();
+				check_added_monitors!(nodes[0], 1);
+				let (as_revoke_and_ack, as_commitment_signed) = get_revoke_commit_msgs!(nodes[0], nodes[1].node.get_our_node_id());
+				nodes[1].node.handle_revoke_and_ack(&nodes[0].node.get_our_node_id(), &as_revoke_and_ack).unwrap();
+				check_added_monitors!(nodes[1], 1);
+				let bs_second_update = get_htlc_update_msgs!(nodes[1], nodes[0].node.get_our_node_id());
+				nodes[1].node.handle_commitment_signed(&nodes[0].node.get_our_node_id(), &as_commitment_signed).unwrap();
+				check_added_monitors!(nodes[1], 1);
+				let bs_revoke_and_ack = get_event_msg!(nodes[1], MessageSendEvent::SendRevokeAndACK, nodes[0].node.get_our_node_id());
+				nodes[0].node.handle_revoke_and_ack(&nodes[1].node.get_our_node_id(), &bs_revoke_and_ack).unwrap();
+				check_added_monitors!(nodes[0], 1);
+
+				if !deliver_bs_raa {
+					// If we delievered B's RAA we got an unknown preimage error, not something
+					// that we should update our routing table for.
+					let events = nodes[0].node.get_and_clear_pending_msg_events();
+					assert_eq!(events.len(), 1);
+					match events[0] {
+						MessageSendEvent::PaymentFailureNetworkUpdate { .. } => {},
+						_ => panic!("Unexpected event"),
+					}
+				}
+				let events = nodes[0].node.get_and_clear_pending_events();
+				assert_eq!(events.len(), 1);
+				match events[0] {
+					Event::PaymentFailed { ref payment_hash, .. } => {
+						assert!(failed_htlcs.insert(*payment_hash));
+					},
+					_ => panic!("Unexpected event"),
+				}
+
+				bs_second_update
+			},
+			_ => panic!("Unexpected event"),
+		};
+
+		assert!(updates.update_add_htlcs.is_empty());
+		assert_eq!(updates.update_fail_htlcs.len(), 2);
+		assert!(updates.update_fulfill_htlcs.is_empty());
+		assert!(updates.update_fail_malformed_htlcs.is_empty());
+		nodes[0].node.handle_update_fail_htlc(&nodes[1].node.get_our_node_id(), &updates.update_fail_htlcs[0]).unwrap();
+		nodes[0].node.handle_update_fail_htlc(&nodes[1].node.get_our_node_id(), &updates.update_fail_htlcs[1]).unwrap();
+		commitment_signed_dance!(nodes[0], nodes[1], updates.commitment_signed, false, true);
+
+		let events = nodes[0].node.get_and_clear_pending_msg_events();
+		assert_eq!(events.len(), 2);
+		for event in events {
+			match event {
+				MessageSendEvent::PaymentFailureNetworkUpdate { .. } => {},
+				_ => panic!("Unexpected event"),
+			}
+		}
+
+		let events = nodes[0].node.get_and_clear_pending_events();
+		assert_eq!(events.len(), 2);
+		match events[0] {
+			Event::PaymentFailed { ref payment_hash, .. } => {
+				assert!(failed_htlcs.insert(*payment_hash));
+			},
+			_ => panic!("Unexpected event"),
+		}
+		match events[1] {
+			Event::PaymentFailed { ref payment_hash, .. } => {
+				assert!(failed_htlcs.insert(*payment_hash));
+			},
+			_ => panic!("Unexpected event"),
+		}
+
+		assert!(failed_htlcs.contains(&first_payment_hash));
+		assert!(failed_htlcs.contains(&second_payment_hash));
+		assert!(failed_htlcs.contains(&third_payment_hash));
+	}
+
+	#[test]
+	fn test_commitment_revoked_fail_backward_exhaustive() {
+		do_test_commitment_revoked_fail_backward_exhaustive(false);
+		do_test_commitment_revoked_fail_backward_exhaustive(true);
+	}
+
 	#[test]
 	fn test_htlc_ignore_latest_remote_commitment() {
 		// Test that HTLC transactions spending the latest remote commitment transaction are simply