Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Locked funds due to funding a channel with a transaction with the wrong txid from a P2SH wallet #4416

Closed
openoms opened this issue Mar 8, 2021 · 4 comments
Closed

Locked funds due to funding a channel with a transaction with the wrong txid from a P2SH wallet #4416

openoms opened this issue Mar 8, 2021 · 4 comments

Comments

@openoms
Copy link
Contributor

openoms commented Mar 8, 2021
edited
Loading

I have attempted to fund a channel from an external P2SH wallet
When converting the PSBT to a rawtxn the txid has changed.
The transaction broadcasted sent the the right amount to the right address, but the txid was not which was passed to fundchannel_complete.
Unfortunately the transaction has confirmed quickly so now I need to find a way to recover it.
The channel peer is Fulmo - running c-lightning also.

To help to reproduce:
Funding start:

$  lightning-cli fundchannel_start 024a8228d764091fce2ed67e1a7404f83e38ea3c7cb42030a2789e73cf3b341365 1980400 11000 false
{
   "funding_address": "bc1qa8guuljuzsc9auqcz7vrr8lw33yy6kmyglw0f9lg33cevqmaffdq73fr5g",
   "scriptpubkey": "0020e9d1ce7e5c14305ef0181798319fee8c484d5b6447dcf497e88c7196037d4a5a"
}

The created PSBT contained the scriptpubkey:

 $ bitcoin-cli decodepsbt cHNidP8BAH4CAAAAATw1PfctMJUkgKsP/VfeXUxlYhVXfY+gAlCnqMckpVeRCgAAAAD9////AvA3HgAAAAAAIgAg6dHOflwUMF7wGBeYMZ/ujEhNW2RH3PSX6IxxlgN9SloNIgAAAAAAABepFA41rP1bo8mRlr1cMVhvdrqtMvPDhwAAAAAAAQEgmGEeAAAAAAAXqRTHgyH9vJ7ddERhGKjlKEIzO5e4LIcBBxcWABS6jjPeDE6pIVIj1Bkv+PT4yY77WwEIawJHMEQCICe+xIBosXGLOmRGoGjAEreWp5dC5X+z68R7nTg39bU6AiA5nk2KfNAGSUcfXvQ1n2Apoh5DTNU3fyxqfOn1r0QEYwEhAg8+YjtGpHWRsm5RDsJ74oEA9kET1YA4Hy6edCuLeISJAAABABYAFC5Ia9dmOF9kLpuWncBloSz9QQHuIgIC22vnu7hmpD2662fwkEw2lOyXlos3cYYbqKbEhcGUW5cMR52s0gEAAAAnAAAAAA== | grep 0020e9d1ce7e5c14305ef0181798319fee8c484d5b6447dcf497e88c7196037d4a5a
          "hex": "0020e9d1ce7e5c14305ef0181798319fee8c484d5b6447dcf497e88c7196037d4a5a",

And the txid ( Specter Desktop showed also: 408abf9ae8e2228266ea30985fa3bb47ee5e9fb964263bf2bb4166226bb33ea3):

$ bitcoin-cli decodepsbt cHNidP8BAH4CAAAAATw1PfctMJUkgKsP/VfeXUxlYhVXfY+gAlCnqMckpVeRCgAAAAD9////AvA3HgAAAAAAIgAg6dHOflwUMF7wGBeYMZ/ujEhNW2RH3PSX6IxxlgN9SloNIgAAAAAAABepFA41rP1bo8mRlr1cMVhvdrqtMvPDhwAAAAAAAQEgmGEeAAAAAAAXqRTHgyH9vJ7ddERhGKjlKEIzO5e4LIcBBxcWABS6jjPeDE6pIVIj1Bkv+PT4yY77WwEIawJHMEQCICe+xIBosXGLOmRGoGjAEreWp5dC5X+z68R7nTg39bU6AiA5nk2KfNAGSUcfXvQ1n2Apoh5DTNU3fyxqfOn1r0QEYwEhAg8+YjtGpHWRsm5RDsJ74oEA9kET1YA4Hy6edCuLeISJAAABABYAFC5Ia9dmOF9kLpuWncBloSz9QQHuIgIC22vnu7hmpD2662fwkEw2lOyXlos3cYYbqKbEhcGUW5cMR52s0gEAAAAnAAAAAA== | grep txid
    "txid": "408abf9ae8e2228266ea30985fa3bb47ee5e9fb964263bf2bb4166226bb33ea3",
        "txid": "9157a524c7a8a75002a08f7d571562654c5dde57fd0fab802495302df73d353c",

TXID Confirmed in Specter Desktop
image

Passed the txid to fundchannel_complete:

$ lightning-cli fundchannel_complete 024a8228d764091fce2ed67e1a7404f83e38ea3c7cb42030a2789e73cf3b341365 408abf9ae8e2228266ea30985fa3bb47ee5e9fb964263bf2bb4166226bb33ea3 0
{
   "channel_id": "a33eb36b226641bbf23b2664b99f5eee47bba35f9830ea668222e2e89abf8a40",
   "commitments_secured": true
}

Now the issue was that imported the PSBT to Electrum to broadcast and did not realize that it shows a changed TXID (but the funding address and amount remained the same):
image

The raw transaction broadcasted:

020000000001013c353df72d30952480ab0ffd57de5d4c656215577d8fa00250a7a8c724a557910a00000017160014ba8e33de0c4ea9215223d4192ff8f4f8c98efb5bfdffffff02f0371e0000000000220020e9d1ce7e5c14305ef0181798319fee8c484d5b6447dcf497e88c7196037d4a5a0d2200000000000017a9140e35acfd5ba3c99196bd5c31586f76baad32f3c38702473044022027bec48068b1718b3a6446a068c012b796a79742e57fb3ebc47b9d3837f5b53a0220399e4d8a7cd00649471f5ef4359f6029a21e434cd5377f2c6a7ce9f5af4404630121020f3e623b46a47591b26e510ec27be28100f64113d580381f2e9e742b8b78848900000000

The actual confirmed transaction: https://blockstream.info/search?q=f74459ad229f47edb0835925c4211f51bac2a879bd466173f02b43a9fdce38ae

As discussed with on the developer meeting with @rustyrussell :

  • When the accident already happened a (dev) tool to extract the funding pubkeys and sign the manually constructed transaction could help to recover the funds although the cooperation of the channel peer is needed.
  • There were problems identified before when funding from P2SH wallets - could there be checks in place to avoid a similar thing happen in the future? Possibly even an externally built transaction could be broadcasted by c-lightning so it it could make the last checks.

Thank you for your time spent on looking into this.
@openoms openoms changed the title Locked funds due to funding channel with the wrong txid from a P2SH walet Locked funds due to funding a channel with a tranmsaction with the wrong txid from a P2SH wallet Mar 8, 2021
@openoms openoms changed the title Locked funds due to funding a channel with a tranmsaction with the wrong txid from a P2SH wallet Locked funds due to funding a channel with a transaction with the wrong txid from a P2SH wallet Mar 8, 2021
@rustyrussell
Copy link
Contributor

OK, the txid of the global tx is NOT the txid of the PSBT! I spoke with @achow101 and I think we both winced that bitcoin-core and spectre display the txid, as it's dangerous.

Now, for non-P2SH-wrapped segwit inputs, the txid of the PSBT will be the global tx TXID. But they're the exception! We have a function of our own which calculates it properly (https://github.com/ElementsProject/lightning/blob/master/bitcoin/psbt.c#L787).

Perhaps we should allow fundchannel_complete to take a PSBT? Then it would Do The Right Thing? @niftynei ?

@openoms openoms mentioned this issue Mar 9, 2021
Closed
@niftynei
Copy link
Collaborator

niftynei commented Mar 9, 2021

Perhaps we should allow fundchannel_complete to take a PSBT? Then it would Do The Right Thing? @niftynei ?

Agreed. A PSBT and/or a raw transaction in lieu of the txid & outpoint would be a huge improvement here.

We can identify the appropriate out-index by finding the expected funding script, etc.

@niftynei niftynei closed this as completed Mar 9, 2021
@niftynei niftynei reopened this Mar 9, 2021
@rustyrussell rustyrussell mentioned this issue Mar 10, 2021
Merged
rustyrussell added a commit to rustyrussell/lightning that referenced this issue Mar 12, 2021
@rustyrussell
lightningd/opening_control: allow single-arg fundchannel_complete wit…
d4200a5 
…h PSBT

Requiring the user to calculate the txid of the PSBT is a horrible, bad,
no-good idea.

Doesn't deprecate yet, so I can test that this path works while
multifundchannel still uses it.

Fixes: ElementsProject#4416 (at least for future users!)
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Changelog-Added: JSON-RPC: `fundchannel_complete` takes a psbt parameter.
@rustyrussell rustyrussell mentioned this issue Mar 12, 2021
Merged
rustyrussell added a commit to rustyrussell/lightning that referenced this issue Mar 12, 2021
@rustyrussell
lightningd/opening_control: allow single-arg fundchannel_complete wit…
043e8a2 
…h PSBT

Requiring the user to calculate the txid of the PSBT is a horrible, bad,
no-good idea.

Doesn't deprecate yet, so I can test that this path works while
multifundchannel still uses it.

Fixes: ElementsProject#4416 (at least for future users!)
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Changelog-Added: JSON-RPC: `fundchannel_complete` takes a psbt parameter.
rustyrussell added a commit to rustyrussell/lightning that referenced this issue Mar 15, 2021
@rustyrussell
lightningd/opening_control: allow single-arg fundchannel_complete wit…
7a61f2c 
…h PSBT

Requiring the user to calculate the txid of the PSBT is a horrible, bad,
no-good idea.

Doesn't deprecate yet, so I can test that this path works while
multifundchannel still uses it.

Fixes: ElementsProject#4416 (at least for future users!)
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Changelog-Added: JSON-RPC: `fundchannel_complete` takes a psbt parameter.
rustyrussell added a commit to rustyrussell/lightning that referenced this issue Mar 15, 2021
@rustyrussell
lightningd/opening_control: allow single-arg fundchannel_complete wit…
73a2149 
…h PSBT

Requiring the user to calculate the txid of the PSBT is a horrible, bad,
no-good idea.

Doesn't deprecate yet, so I can test that this path works while
multifundchannel still uses it.

Fixes: ElementsProject#4416 (at least for future users!)
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Changelog-Added: JSON-RPC: `fundchannel_complete` takes a psbt parameter.
@openoms
Copy link
Contributor Author

openoms commented Mar 19, 2021

Next related question here is if there is anything left that can be done now or possibly in the future if the 2016 blocks have passed since the attempted funding?

Or is there any data which can be extracted now and possibly used later and will be deleted at the pending channel expiry?

@openoms
Copy link
Contributor Author

openoms commented Mar 22, 2021

Ok learned on the developer meeting and IRC that this proposal can help the case:
lightning/bolts#854 even retrospectively if the peer happens to remember enough to recover. Will continue with testing and exploring the details.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rustyrussell @niftynei @openoms