Update emergency.recover after every 'commitment_revocation' so that user can sweep funds by penalty transaction. #7772

adi2011 · 2024-10-31T06:13:47Z

This PR would enable nodes to create penalty transaction when the peer publishes an old revoked state using the emergency.recover.

Addresses: #7696

rustyrussell

Nice! Only one minor cleanup suggestion.

I'll rebase now...

rustyrussell · 2024-11-17T23:40:35Z

wallet/wallet.c

+
+	for (u32 pos = 0; pos < chain->chain.num_valid; pos++) {
+		struct secret s;
+		memcpy(&s, &chain->chain.known[pos].hash, sizeof(s));


We have a new macro for, this: CROSS_TYPE_ASSIGNMENT(&s, &chain->chain.known[pos].hash). It checks the two types are same size...

Fixed it. Thanks!!

rustyrussell · 2024-11-18T00:14:31Z

Rebased on master with simple API fixes.

rustyrussell · 2024-11-22T04:09:23Z

This doesn't work for old scb files (as you can tell, from the test!)

It should...

niftynei

seems like a sensible and reasonable change. the commits were very easy to read through, kudos on that!

very cool that we're basically turning peers into watchtowers for ourselves.

common/scb_wire.csv

lightningd/opening_control.c

lightningd/peer_control.c

wallet/test/run-wallet.c

endothermicdev · 2025-02-13T23:52:42Z

The dual funding test is still unhappy. It seems like the htlc and delayed_payment basepoints are still uninitialized at some point when it goes to add the channel scb in tests/test_opening.py::test_multifunding_v2_best_effort. Maybe an additional check is needed for a dual fund channel state?

adi2011 · 2025-02-15T17:23:06Z

The dual funding tests pass now. I am working to figure out the issue with the other failing tests as well.

rustyrussell

Looking fairly good, minor requests only...

rustyrussell · 2025-02-20T03:48:20Z

common/scb_wire.csv

+subtypedata,scb_chan_with_tlvs,id,u64,
+subtypedata,scb_chan_with_tlvs,cid,channel_id,
+subtypedata,scb_chan_with_tlvs,node_id,node_id,
+subtypedata,scb_chan_with_tlvs,unused,u8,


We don't need this field any more!

Yes, thanks for pointing out.

rustyrussell · 2025-02-20T03:53:20Z

plugins/chanbackup.c

 	}

 	if (version != VERSION) {
 		plugin_err(cmd->plugin,
-                           "Incompatible version, Contact the admin!");
+                           "Incompatible SCB file version on disk, contact the admin!");


We should have another commitment at the end which:

prints the versions here!

only gets upset if an unknown EVEN bit is set. i.e. and with "0x5555555555555555" and then check if any bits are set which aren't in VERSION.

That lets us make either incompatible or compatible changes in future.

Thanks! Great idea to use even bits for compatibility. I’ll update the version check to use the bitmask (0x5555555555555555) and print versions in the error message. This makes future changes much cleaner.

rustyrussell · 2025-02-20T03:54:30Z

plugins/chanbackup.c

+	struct scb_chan_with_tlvs **scb_tlvs;
 	struct scb_chan **scb;


Maybe rename scb_tlvs "modern_scbs" and sbc "legacy_scbs"?

rustyrussell · 2025-02-20T03:56:53Z

plugins/chanbackup.c

+			tmp_scb_tlv->type = scb[i]->type;
+			tmp_scb_tlv->tlvs = tlv_scb_tlvs_new(cmd);
+			towire_scb_chan_with_tlvs(&scb_hex, tmp_scb_tlv);
+			json_add_hex(req->js, NULL, scb_hex, tal_bytelen(scb_hex));


json_add_hex_talarr() does this for you, BTW (here and elsewhere)

Done. Thanks for pointing out :)

rustyrussell · 2025-02-20T03:57:15Z

tests/test_misc.py

@@ -2934,7 +2934,6 @@ def test_emergencyrecoverpenaltytxn(node_factory, bitcoind):
    l1.daemon.wait_for_log('Resolved THEIR_REVOKED_UNILATERAL/DELAYED_CHEAT_OUTPUT_TO_THEM by our proposal OUR_PENALTY_TX')

    assert(l1.rpc.listfunds()["channels"][0]["state"] == "ONCHAIN")
-    assert(l1.rpc.listfunds()["outputs"][0]["txid"] == txid)


this fixup should be deleted...

rustyrussell · 2025-02-20T03:58:16Z

plugins/chanbackup.c

+			u8 *scb_hex = tal_arr(cmd, u8, 0);
+			struct scb_chan_with_tlvs *tmp_scb_tlv = tal(cmd, struct scb_chan_with_tlvs);
+			tmp_scb_tlv->id = scb[i]->id;
+			tmp_scb_tlv->addr = scb[i]->addr;
+			tmp_scb_tlv->cid = scb[i]->cid;
+			tmp_scb_tlv->funding = scb[i]->funding;
+			tmp_scb_tlv->funding_sats = scb[i]->funding_sats;
+			tmp_scb_tlv->type = scb[i]->type;
+			tmp_scb_tlv->tlvs = tlv_scb_tlvs_new(cmd);


Perhaps write "convert_legacy_scb()" which does this for us?

rustyrussell · 2025-02-20T04:02:08Z

plugins/chanbackup.c

+			plugin_log(cmd->plugin, LOG_DBG,
+				  "Processing legacy emergency.recover file format. "
+				  "Please migrate to the latest file format for improved "
+				  "compatibility and fund recovery.");


You can use "json_notify_fmt()" to send a notification to the caller (though maybe only log that once,not every time around the loop!).

used plugin_notify_message.

This change will allow subtypes in wiregen files to have tlvstreams. Shifting tlv structs above subtypes in header_template is done to prevent forward declaration. Since generate-wire prepends 'tlv_' in tlvname, we have to modify fromwire_subtype_field and towire_subtype_field in impl_template to accommodate this. Changelog-Added: This PR would turn our peers into watchtower and enable SCB to create penalty txn.

This change allows adding a length prefix to a serialized TLV. It will be particularly useful for serializing all 'scb_chan' entries in the 'emergency.recover' file. Key Changes: - Removed the need to loop in towire_tlv and fromwire_tlv, so the if conditions have been modified accordingly. - During serialization, the length of the TLV is calculated before appending it, and it is stored in a temporary variable. - For fromwire_tlv, only a simple length adjustment is required, and no loop is needed here either.

We define a new subtype 'modern_scb_chan' and a new tlvtype 'scb_tlvs' which includes all the relevant information to create a penalty transaction when the peer tries to cheat. Key Changes: - Rename the old format to 'legacy_scb_chan' and define a new type 'modern_scb_chan' - Include TLVs to 'modern_scb_chan' - Create a new msgtype 'static_chan_backup_with_tlvs' - Modify 'struct channel' to include 'struct modern_scb_chan' - Add these two types to 'varsize_types' in generate.py

These fields enhance 'stub_chan' to make channels which are capable to create penalty transaction in case the peer broadcasts an old revoked state. Key Changes: - Added new params to stub_chan() to accomodate shachain, basepoints, opener, and remote_to_self_delay - Check if any field is NULL inside scb_chan->tlvs and assign them appropriately

This function enables direct persistence of shachain data, ensuring all relevant information is saved upon retrieval. Key Changes: - Adds 'wallet_stub_shachain_init' function to store a retrieved shachain in the database. - Saves initial metadata ('min_index' and 'num_valid') to the 'shachains' table. - Iterates through known shachain secrets, adding each entry to 'shachain_known' with position, index, and hash.

Add the latest shachain when we update the emergency.recover using staticbackup RPC.

The chanbackup plugin should update emergency.recover every time we receive a new commitment secret. Additionally, chanbackup should be able to serialize both the new SCB format and the legacy format. Key Changes: - Added a commitment_revocation plugin hook to update emergency.recover whenever a new revocation secret is received. - Implemented support for the new emergency.recover format while maintaining compatibility with the legacy format.

Key Changes: - Added encrypted_data which contains emergency.recover in the legacy format - Added assert to make sure we watch the funding txn

rustyrussell · 2025-02-21T06:17:16Z

Ack 5256cdb

adi2011 · 2025-02-21T06:42:59Z

Accidentally clicked 'Update branch'—brain has stopped working. 😅

rustyrussell · 2025-02-22T04:06:28Z

Just disable the test under elements, since the tx will be completely different.

This test would make sure that the node would publish a penalty txn when channel partner cheats.

adi2011 force-pushed the enablepenaltytxn branch from bbea1f1 to ca3b3de Compare November 4, 2024 18:45

adi2011 marked this pull request as ready for review November 4, 2024 18:55

adi2011 force-pushed the enablepenaltytxn branch 2 times, most recently from 6c70397 to eeb239f Compare November 4, 2024 19:27

rustyrussell added this to the v24.11 milestone Nov 11, 2024

rustyrussell approved these changes Nov 17, 2024

View reviewed changes

rustyrussell force-pushed the enablepenaltytxn branch from eeb239f to 98b6ae4 Compare November 18, 2024 00:10

adi2011 force-pushed the enablepenaltytxn branch 2 times, most recently from 84bebbf to 7f13d7b Compare November 19, 2024 11:59

rustyrussell force-pushed the enablepenaltytxn branch from 7f13d7b to 6020851 Compare November 19, 2024 20:20

adi2011 force-pushed the enablepenaltytxn branch 2 times, most recently from 4312f07 to 51d0031 Compare November 28, 2024 22:22

adi2011 requested a review from rustyrussell November 28, 2024 22:23

adi2011 force-pushed the enablepenaltytxn branch 3 times, most recently from 1ca3c9b to e20a2c3 Compare November 28, 2024 22:59

niftynei reviewed Dec 3, 2024

View reviewed changes

common/scb_wire.csv Show resolved Hide resolved

lightningd/opening_control.c Show resolved Hide resolved

lightningd/opening_control.c Outdated Show resolved Hide resolved

lightningd/peer_control.c Outdated Show resolved Hide resolved

wallet/test/run-wallet.c Outdated Show resolved Hide resolved

rustyrussell modified the milestones: v24.11, v25.02 Dec 13, 2024

adi2011 force-pushed the enablepenaltytxn branch 2 times, most recently from 2a19613 to 3a967d4 Compare January 20, 2025 08:08

adi2011 requested a review from niftynei January 20, 2025 08:09

ShahanaFarooqui force-pushed the enablepenaltytxn branch from 3a967d4 to 814dede Compare January 21, 2025 23:31

adi2011 force-pushed the enablepenaltytxn branch 2 times, most recently from 573f818 to 80f83bf Compare January 22, 2025 22:22

adi2011 force-pushed the enablepenaltytxn branch 3 times, most recently from 19b249a to ad922bf Compare February 12, 2025 08:09

adi2011 force-pushed the enablepenaltytxn branch 2 times, most recently from 8c2718d to 2836e9b Compare February 13, 2025 06:03

adi2011 force-pushed the enablepenaltytxn branch from 61f9dc1 to 46ba180 Compare February 18, 2025 19:49

rustyrussell reviewed Feb 20, 2025

View reviewed changes

adi2011 requested a review from rustyrussell February 20, 2025 08:39

adi2011 force-pushed the enablepenaltytxn branch 3 times, most recently from 4ba8996 to 5256cdb Compare February 20, 2025 21:42

adi2011 added 8 commits February 21, 2025 03:13

peer_control: Update shainchain and basepoints

c445854

Add the latest shachain when we update the emergency.recover using staticbackup RPC.

test_misc.py: Add test_emergencyrecover_old_format_handling

b8a28f0

Key Changes: - Added encrypted_data which contains emergency.recover in the legacy format - Added assert to make sure we watch the funding txn

adi2011 force-pushed the enablepenaltytxn branch from 5256cdb to b9e0b15 Compare February 20, 2025 21:46

adi2011 force-pushed the enablepenaltytxn branch from 16ffe30 to b9e0b15 Compare February 21, 2025 06:36

adi2011 force-pushed the enablepenaltytxn branch from b9e0b15 to 45697c3 Compare February 21, 2025 19:57

tests: Added test_emergencyrecoverpenaltytxn

b059e88

This test would make sure that the node would publish a penalty txn when channel partner cheats.

adi2011 force-pushed the enablepenaltytxn branch from 45697c3 to b059e88 Compare February 22, 2025 04:15

endothermicdev merged commit 2dcbc70 into ElementsProject:master Feb 22, 2025
40 checks passed

Update emergency.recover after every 'commitment_revocation' so that user can sweep funds by penalty transaction. #7772

Update emergency.recover after every 'commitment_revocation' so that user can sweep funds by penalty transaction. #7772

Uh oh!

Conversation

adi2011 commented Oct 31, 2024

Uh oh!

rustyrussell left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

rustyrussell commented Nov 18, 2024

Uh oh!

rustyrussell commented Nov 22, 2024

Uh oh!

niftynei left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

endothermicdev commented Feb 13, 2025

Uh oh!

adi2011 commented Feb 15, 2025

Uh oh!

rustyrussell left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

rustyrussell commented Feb 21, 2025

Uh oh!

adi2011 commented Feb 21, 2025

Uh oh!

rustyrussell commented Feb 22, 2025

Uh oh!

Uh oh!

Uh oh!