(Fix and) Test that txn pay at least a minimum relay fee in functional tests #716
Conversation
Codecov Report
@@ Coverage Diff @@
## main #716 +/- ##
==========================================
+ Coverage 91.92% 92.00% +0.07%
==========================================
Files 37 36 -1
Lines 20098 20216 +118
==========================================
+ Hits 18475 18599 +124
+ Misses 1623 1617 -6
Continue to review full report at Codecov.
|
| @@ -3031,9 +3054,14 @@ impl<ChanSigner: ChannelKeys> Channel<ChanSigner> { | |||
| }, | |||
| }; | |||
|
|
|||
| let closing_tx_max_weight = self.get_closing_transaction_weight( | |||
| if let Some(oup) = closing_tx.output.get(0) { Some(&oup.script_pubkey) } else { None }, | |||
There was a problem hiding this comment.
Why would this ever not have 0/1 outputs?
There was a problem hiding this comment.
Close outputs can be dust, causing that channel party's balance to be burned to fees at close.
| } | ||
| if (msg.fee_satoshis as u64) < min_feerate as u64 * closing_tx_max_weight / 1000 { | ||
| if let Some((last_feerate, _, _)) = self.last_sent_closing_fee { | ||
| if min_feerate >= last_feerate { |
There was a problem hiding this comment.
It should be >, not >=?
There was a problem hiding this comment.
If its ==, that means the last time we proposed something to our counterparty it was already min_feerate and they came back with a counter-proposal. Proposing again would get us into a loop.
|
I'm not an expert in weight/fee calculation, but I think this works as intended. Just couple questions. |
| let proposed_total_fee_satoshis = proposed_feerate as u64 * tx_weight / 1000; | ||
|
|
||
| let (closing_tx, total_fee_satoshis) = self.build_closing_transaction(proposed_total_fee_satoshis, false); | ||
| let sig = self.holder_keys | ||
| .sign_closing_transaction(&closing_tx, &self.secp_ctx) | ||
| .ok(); | ||
| assert!(closing_tx.get_weight() as u64 <= tx_weight); |
There was a problem hiding this comment.
Do we assert somewhere we never sign 0-outputs closing transactions ?
There was a problem hiding this comment.
No, I don't think so. I'm not sure what we could do in a world where both sides decide their closing transaction is dust...it feels...more than a bit awkward but you can't stop the closing process and there's not a lot of value in broadcasting it...
| if let Some((_, last_fee, sig)) = self.last_sent_closing_fee { | ||
| if last_fee == msg.fee_satoshis { | ||
| self.build_signed_closing_transaction(&mut closing_tx, &msg.signature, &sig); | ||
| assert!(closing_tx.get_weight() as u64 <= closing_tx_max_weight); | ||
| debug_assert!(closing_tx.get_weight() as u64 >= closing_tx_max_weight - 2); |
There was a problem hiding this comment.
What the reason of this 2 of allowed diff ? Further as the pre-computed weight is done with the knowledge of number of outputs shouldn't assert be strictly equal to effective transaction weight ?
There was a problem hiding this comment.
Signature sizes are variable, here we let it drop by 1 byte, though they could theoretically be even smaller.
There was a problem hiding this comment.
nit: maybe could've used a comment on this point
| if min_feerate >= last_feerate { | ||
| return Err(ChannelError::Close(format!("Unable to come to consensus about closing feerate, remote wanted something lower ({}) than our Background feerate ({}).", last_feerate, min_feerate))); | ||
| } | ||
| min_feerate = fee_estimator.get_est_sat_per_1000_weight(ConfirmationTarget::Background); |
There was a problem hiding this comment.
Can we update min_feerate to Background feerate only if it's superior to min-relay-fee ?
There was a problem hiding this comment.
The feerate API is very explicit that it must always return at least 253. We probably should check it at every callsite (via some wrapper), but this isn't any different for now.
| for output in $tx.output.iter() { | ||
| total_value_out += output.value; | ||
| } | ||
| let min_fee = $tx.get_weight() as u64 / 4; // One sat per vbyte |
There was a problem hiding this comment.
Or instead compute the effective fee based on min feerate per kw and check if value_in - value_out is equal or superior. Rather not introduce reference to vbyte.
There was a problem hiding this comment.
IIUC, bitcoin core requires 1 sat/vbyte, not 1/4 sat/weight, hence the 253 instead of 250. We could check it against 253 sat/weight, but the reality is the minimum is defined in vbytes.
TheBlueMatt
force-pushed
the
2020-09-fee-tests
branch
from
5db2641 to
6bde56e
Compare
| 1 + // witness element count | ||
| 4 + // 4 element lengths (multisig dummy, 2 sigs, and witness script) | ||
| self.get_funding_redeemscript().len() as u64 + // funding witness script | ||
| 2*(1 + 71); // two signatures + sighash type flags |
There was a problem hiding this comment.
IIRC aren't Bitcoin standard (BIP66) ECDSA sigs at most 72? I think we can trigger new asserts as they check real-transaction-weight <= not-bigger-expected-weight ?
There was a problem hiding this comment.
Hmm...you may be right, but tests aren't failing. Is it because low-s means we never sign something with an S that has the high bit set (so never need a 0-byte prefix in S)?
There was a problem hiding this comment.
After an extended conversation on IRC today, we noted that secp's verify function will fail for high-S, and low-S' requirement is that the S field is <0x7F...., which always has the top bit unset, implying 71 bytes for the DER signature, so I think this is fine. I went ahead and added a comment noting this.
TheBlueMatt
force-pushed
the
2020-09-fee-tests
branch
from
6bde56e to
22e20ec
Compare
|
Code Review ACK 22e20ec pending on fixing comment : #716 (comment) |
TheBlueMatt
force-pushed
the
2020-09-fee-tests
branch
from
22e20ec to
e6228f7
Compare
|
@ariard also pointed out on IRC that weight is always rounded up to calculate vbytes for feerates - I updated the PR to match. |
Though hopefully we never see a fee of 2.1 million BTC, either...
This resolves a number of bugs around how we calculate feerates on closing transactions: * We previously calculated the weight wrong both by always counting two outputs instead of counting the number of outputs that actually exist in the closing transaction and by not counting the witness redeemscript. * We use assertions to check the calculated weight matches what we actually build (with debug_assertions for variable-length sigs). * As an additional sanity check, we really should check that the transaction had at least min-relay-fee when we were the channel initator.
TheBlueMatt
force-pushed
the
2020-09-fee-tests
branch
from
e6228f7 to
9d206a3
Compare
|
Also rebased on upstream to pull CI fixes. |
| total_value_out += output.value; | ||
| } | ||
| let min_fee = ($tx.get_weight() as u64 + 3) / 4; // One sat per vbyte (ie per weight/4, rounded up) | ||
| // Input amount must be no larger than output amount + minimum relay fee |
There was a problem hiding this comment.
"Input amount must be larger than output amount + minimum relay fee" as it's okay to have a far larger fee than minimum relay ?
This also pays a fee on the transactions we generate in response to SpendableOutputDescriptors in tests. This fixes the known issues in lightningdevkit#630, though we should test for standardness in other ways as well.
TheBlueMatt
force-pushed
the
2020-09-fee-tests
branch
from
9d206a3 to
3219926
Compare
|
Code Review ACK 3219926 |
| if let Some((_, last_fee, sig)) = self.last_sent_closing_fee { | ||
| if last_fee == msg.fee_satoshis { | ||
| self.build_signed_closing_transaction(&mut closing_tx, &msg.signature, &sig); | ||
| assert!(closing_tx.get_weight() as u64 <= closing_tx_max_weight); | ||
| debug_assert!(closing_tx.get_weight() as u64 >= closing_tx_max_weight - 2); |
There was a problem hiding this comment.
nit: maybe could've used a comment on this point
| 1 + // witness element count | ||
| 4 + // 4 element lengths (2 sigs, multisig dummy, and witness script) | ||
| self.get_funding_redeemscript().len() as u64 + // funding witness script | ||
| 2*(1 + 71); // two signatures + sighash type flags |
There was a problem hiding this comment.
are each of the 1's: one 1 for the multisig dummy, one 1 for the sighash flag? (if that makes sense)
There was a problem hiding this comment.
Multisig dummy is counted a few lines up (see comment), both signatures have sighash flags, so hence the 2 here.
This fixes some issues in the close-tx logic as well tests aggressively that we always include a proper fee in transactions.