Document exactly our CLTV sanitization policy for final incoming HTLCs

Antoine Riard · Antoine Riard · commit 9342ed3861cf · 2020-04-09T22:24:53.000-04:00
We want to avoid a third-party channel closure, where a random node
by sending us a payment expiring at current height, would trigger our
onchain logic to close the channel due to a near-expiration.

PaymentReceived and unknown HTLC cancellation must happen before
LATENCY_GRACE_PERIOD_BLOCKS.
diff --git a/lightning/src/ln/channel.rs b/lightning/src/ln/channel.rs
@@ -1711,8 +1711,6 @@ impl<ChanSigner: ChannelKeys> Channel<ChanSigner> {
 			return Err(ChannelError::Close("Remote provided CLTV expiry in seconds instead of block height"));
 		}
 
-		//TODO: Check msg.cltv_expiry further? Do this in channel manager?
-
 		if self.channel_state & ChannelState::LocalShutdownSent as u32 != 0 {
 			if let PendingHTLCStatus::Forward(_) = pending_forward_state {
 				panic!("ChannelManager shouldn't be trying to add a forwardable HTLC after we've started closing");
diff --git a/lightning/src/ln/channelmanager.rs b/lightning/src/ln/channelmanager.rs
@@ -987,6 +987,10 @@ impl<ChanSigner: ChannelKeys, M: Deref, T: Deref, K: Deref, F: Deref> ChannelMan
 
 				// OUR PAYMENT!
 				// final_expiry_too_soon
+				// Final node can't rely on checking a CLTV_EXPIRY_DELTA which enforces by its own length CLTV_CLAIM_BUFFER so make sure
+				// we don't accept incoming HTLC we wouldn't have time to claim with a worst-case broadcast scenario
+				// Also, in case of unknown payment hash, makes sure payment logic has time to fail backward HTLC before our onchain
+				// logic trigger a channel closure.
 				if (msg.cltv_expiry as u64) < self.latest_block_height.load(Ordering::Acquire) as u64 + (CLTV_CLAIM_BUFFER + LATENCY_GRACE_PERIOD_BLOCKS) as u64 {
 					return_err!("The final CLTV expiry is too soon to handle", 17, &[0;0]);
 				}
diff --git a/lightning/src/util/events.rs b/lightning/src/util/events.rs
@@ -52,7 +52,8 @@ pub enum Event {
 	/// Indicates we've received money! Just gotta dig out that payment preimage and feed it to
 	/// ChannelManager::claim_funds to get it....
 	/// Note that if the preimage is not known or the amount paid is incorrect, you must call
-	/// ChannelManager::fail_htlc_backwards to free up resources for this HTLC.
+	/// ChannelManager::fail_htlc_backwards to free up resources for this HTLC before
+	/// LATENCY_GRACE_PERIOD_BLOCKS to avoid any channel-closure by onchain monitoring.
 	/// The amount paid should be considered 'incorrect' when it is less than or more than twice
 	/// the amount expected.
 	PaymentReceived {

Original file line number	Diff line number	Diff line change
`@@ -1711,8 +1711,6 @@ impl<ChanSigner: ChannelKeys> Channel<ChanSigner> {`
`1711`	`1711`	`return Err(ChannelError::Close("Remote provided CLTV expiry in seconds instead of block height"));`
`1712`	`1712`	`}`
`1713`	`1713`
`1714`		`- //TODO: Check msg.cltv_expiry further? Do this in channel manager?`
`1715`		`-`
`1716`	`1714`	`if self.channel_state & ChannelState::LocalShutdownSent as u32 != 0 {`
`1717`	`1715`	`if let PendingHTLCStatus::Forward(_) = pending_forward_state {`
`1718`	`1716`	`panic!("ChannelManager shouldn't be trying to add a forwardable HTLC after we've started closing");`