[r2r] Lightning taker swap p.o.c

[shamardy]

#1045

• Moved all lightning RPCs to coins/rpc_command/lightning [r2r] Update rust-lightning to latest version, 0_confs channels, complete btc spv, multiple fixes #1452 (comment)
• Lightning RPCs now use the lightning:: namespace similar to gui_storage:: and task::
• TakerFee and MakerPayment swap messages are modified to include payment instructions for the other side, in the case of lightning this payment instructions is a lightning invoice.
• MakerPaymentInstructionsReceived/TakerPaymentInstructionsReceived events are added to MakerSwapEvent/TakerSwapEvent
• 2 new functions payment_instructions, validate_instructions are added to the SwapOps trait
• Implemented the required SwapOps, MarketCoinOps, MmCoin trait functions to do a lightning taker swap, some of these functions include default or dummy values for the sake of the p.o.c. , they should be completed in upcoming sprints/PRs
• test_lightning_taker_swap is the unit test for a RICK/tBTC-TEST-lightning swap, it's ignored because it requires refilling the tBTC and RICK addresses with test coins periodically. This test can be run locally to check that everything is working fine.
• There is a lot of todo comments left in the code for upcoming sprints/PRs.
• A detailed diagram with notes for the required changes in our current swaps implementation for lightning swaps to work can be found here https://docs.google.com/document/d/1liFL704KV9yQzeVRoKCkztNNRrL9T4ak5wQaY-pPY7U/

[onur-ozkan]

Next review iteration 🙂

[onur-ozkan]

I believe we don't need to make this much checks. In order to return true, all of them must be true as well.

So,

// Checking if channel id is none or equal
if !(filter.channel_id.is_none() || Some(&channel_details.channel_id) == filter.channel_id.as_ref()) {
    return false;
}

// Checking if counterparty_node_id  is none or equal
if !(filter.counterparty_node_id.is_none()
    || Some(&channel_details.counterparty_node_id) == filter.counterparty_node_id.as_ref())
{
    return false;
}

.
.
.

// All checks true, so return:
true

should be enough

[onur-ozkan]

Q:
Do we need to calculate duration in UTC or in local? If this should be global duration then we have to create Duration instance using get_utc_timestamp because device time can be incorrect.

Also, you can create this as a seperated function under common module to make it reusable. We have same calculation in fn ln_utils::init_keys_manager

[shamardy]

Do we need to calculate duration in UTC or in local?

It's calculated the same way in create_invoice_from_channelmanager which is used for generating invoices for wallet payments/operations https://github.com/KomodoPlatform/atomicDEX-API/blob/24dd76a1312c062f1c6cba234be7a44910b029af/mm2src/coins/rpc_command/lightning/generate_invoice.rs#L88 https://github.com/lightningdevkit/rust-lightning/blob/e61f3a238a70cbac87209e223b7c396108a49b97/lightning-invoice/src/utils.rs#L229-L231
The expiry is checked by the receiver/payee which is the same node that generated the invoice so it should work alright with both local or UTC I think but I would like to keep it the same as create_invoice_from_channelmanager. I will add a Todo to check this in more details later.

Also, you can create this as a seperated function under common module to make it reusable. We have same calculation in fn ln_utils::init_keys_manager

Sure, do you think get_local_duration_since_epoch is a good name for such function?

[onur-ozkan]

The expiry is checked by the receiver/payee which is the same node that generated the invoice so it should work alright

Seems fine then. If this goes into different nodes with different time, this calculation won't be stable. But I guess it's not possible.

Sure, do you think get_local_duration_since_epoch is a good name for such function?

I think so, yeah.

[onur-ozkan]

Can we create const for this? Just like MAKER_PAYMENT_WAIT_TIMEOUT

[onur-ozkan]

This block is duplicated in taker_swap. It would be great if you can create helper function and use it here and in taker_swap. Or at least add TODO not on top of this function and also on taker_swap::get_taker_fee_data

[onur-ozkan]

Why do we have this trait implemented? I see it's not used anywhere.

[shamardy]

I guess it was used in a previous commit and I forgot to delete it.

[onur-ozkan]

We can combine these with |

[caglaryucekaya]

Great work! I have a few comments and questions

[caglaryucekaya]

Can you use map_to_mm here?

[shamardy]

Yes, this should return MmError similar to keysend. Will fix it.

[caglaryucekaya]

You can move this to where it is used below to make the code more clear

[caglaryucekaya]

At first sight this looks like you're taking the hash of the lightning payment bytes taker_payment_tx, and that this is something different than the regular payment_hash i.e. hash of the payment_preimage. This confused me for a while. Can you change the parameter name taker_payment_tx to payment_hash? Also in other SwapOps methods.

[shamardy]

Can you change the parameter name taker_payment_tx to payment_hash?

This can't be changed since in other SwapOps implementations the taker_payment_tx bytes are what's passed. There is no concept of payment bytes in lightning, this comment can be part of #1501

[caglaryucekaya]

Good point, I will add this to todo list for watchers and think if there's a solution

[shamardy]

I am not sure if watchers are really needed for lightning anyways since the maker should spend the taker payment straight away and propagate back the preimage. Just added this note to think about the possibilities of a malicious maker that doesn't spend the taker payment straight away and the taker goes offline, maybe combining the lightning channels watchers in the future with the swap watchers can offer a solution, the watcher can close the channel (broadcasting the latest commitment transaction) if the taker went offline without completing the swap, this will be equivalent to a taker refund but the taker will get the refund on-chain.

[sergeyboyko0791]

I dug deeper into the changes a little more. Here are my comments and suggestions 🙂

[sergeyboyko0791]

How about using .validate_instructions() at send_maker_payment and send_taker_payment methods instead of in maker_swap.rs and taker_swap.rs? It confuses a bit that send_maker_payment doesn't validate the input instruction.
This is not a call to the action, but a topic for discussion

[shamardy]

How about using .validate_instructions() at send_maker_payment and send_taker_payment methods instead of in maker_swap.rs and taker_swap.rs?

I wanted the swap to fail quickly if the instructions are invalid. let's say the maker sends an invalid instructions, if validation is moved right before or inside send_taker_payment then the taker will have to wait for the confirmations of the maker payment first before failing the swap due to invalid instructions. I think the instructions should be checked if valid or not as soon as it's received in the p2p message as currently implemented :)

[sergeyboyko0791]

Do we need to do the following if there is a problem with the payment_tx?

// Free the htlc to allow for this inbound liquidity to be used for other inbound payments
coin.channel_manager.fail_htlc_backwards(&payment_hash);
payment.status = HTLCStatus::Failed;
drop_mutability!(payment);
coin.db
    .add_or_update_payment_in_db(payment)
    .await
    .error_log_with_msg("Unable to update payment information in DB!");
return MmError::err(ValidatePaymentError::WrongPaymentTx(format!(
    "Provided payment {} amount {:?} doesn't match required amount {}",
    payment_hex, amount_sent, amt_msat
)));

Probably there should be a callback called from maker_swap and taker_swap that the swap is failed, and lightning will free the corresponding htlc

[shamardy]

Probably there should be a callback called from maker_swap and taker_swap that the swap is failed, and lightning will free the corresponding htlc

I don't get what you mean by a callback? isn't the error returned in the below code enough?
https://github.com/KomodoPlatform/atomicDEX-API/blob/8b515c860faf640e04438c694561bdc8b9093ee4/mm2src/mm2_main/src/lp_swap/maker_swap.rs#L918-L925

[shamardy]

Maybe I can edit the error message to include that lightning will free the corresponding htlc too. What do you think @sergeyboyko0791?

[sergeyboyko0791]

I meant that the following code

// Free the htlc to allow for this inbound liquidity to be used for other inbound payments
coin.channel_manager.fail_htlc_backwards(&payment_hash);
payment.status = HTLCStatus::Failed;
drop_mutability!(payment);
coin.db
    .add_or_update_payment_in_db(payment)
    .await
    .error_log_with_msg("Unable to update payment information in DB!");
return MmError::err(ValidatePaymentError::WrongPaymentTx(format!(
    "Provided payment {} amount {:?} doesn't match required amount {}",
    payment_hex, amount_sent, amt_msat
)));

might be used on any error occurred at the validate_taker_payment, send_maker_payment etc as it changes the state of the payment to HTLCStatus::Failed. Does this even make sense?

[shamardy]

Does this even make sense?

Yes, I understand now, thanks for the clarification :)
Let's make this part of the next sprint since I need to think about it in more details. I will add this comment to the lightning checklist.

[sergeyboyko0791]

To be honest, this looks really weird. What if TransactionIdentifier::tx_hex will be not None, but the same value as TransactionIdentifier::tx_hash for lightning? Then we can pass TransactionIdentifier::tx_hex as it is here and in other places.

Making TransactionIdentifier::tx_hex optional also leads to huge changes in taker_swap.rs

[shamardy]

What if TransactionIdentifier::tx_hex will be not None, but the same value as TransactionIdentifier::tx_hash for lightning?

I actually implemented it like this in the beginning but thought it might be confusing. Also these checks https://github.com/KomodoPlatform/atomicDEX-API/blob/8b515c860faf640e04438c694561bdc8b9093ee4/mm2src/mm2_main/src/lp_swap/taker_swap.rs#L1377-L1378
https://github.com/KomodoPlatform/atomicDEX-API/blob/8b515c860faf640e04438c694561bdc8b9093ee4/mm2src/mm2_main/src/lp_swap/taker_swap.rs#L1419 will be more confusing since we will check if tx_hash != tx_hex. What do you think?

[sergeyboyko0791]

Where is it required to check if tx_hash != tx_hex?

[shamardy]

Where is it required to check if tx_hash != tx_hex?

It will be used instead of checking if tx_hex is some since it's not an Option anymore

[shamardy]

Maybe a method can be added to SwapOps called is_watcher_supported instead of doing these checks, what do you think @caglaryucekaya @sergeyboyko0791?

[sergeyboyko0791]

I like this idea

Maybe a method can be added to SwapOps called is_watcher_supported instead of doing these checks, what do you think @caglaryucekaya @sergeyboyko0791?

[shamardy]

Will implement it then. @caglaryucekaya I guess is_watcher_supported should be true for UTXO and QTUM only, is that correct?

[caglaryucekaya]

Yes correct, will start to implement the rest in the next sprint.

[onur-ozkan]

Thank you for the fixes 🔥
Last review iteration.

[onur-ozkan]

I achieved to write this functionality recuding 1 nested block. No mandatory change required. Using this is up to you 🙂

diff --git a/mm2src/mm2_main/src/lp_swap/taker_swap.rs b/mm2src/mm2_main/src/lp_swap/taker_swap.rs
index e56aabd82..ae6e3700d 100644
--- a/mm2src/mm2_main/src/lp_swap/taker_swap.rs
+++ b/mm2src/mm2_main/src/lp_swap/taker_swap.rs
@@ -1374,38 +1374,41 @@ impl TakerSwap {
         // Todo: Check if watchers can work in some cases with lightning and implement it if it's possible, the watcher will not be able to retrieve the preimage since it's retrieved through the lightning network
         // Todo: The watcher can retrieve the preimage only if he is running a lightning node and is part of the nodes that routed the taker payment which is a very low probability event that shouldn't be considered
         let maybe_maker_hex = self.r().maker_payment.as_ref().unwrap().tx_hex.clone();
-        if let Some(maker_hex) = maybe_maker_hex {
-            if let Some(taker_hex) = tx_hex {
-                if self.ctx.use_watchers() {
-                    let preimage_fut = self.taker_coin.create_taker_spends_maker_payment_preimage(
-                        &maker_hex,
-                        self.maker_payment_lock.load(Ordering::Relaxed) as u32,
-                        self.r().other_maker_coin_htlc_pub.as_slice(),
-                        &self.r().secret_hash.0,
-                        &self.unique_swap_data()[..],
-                    );
 
-                    match preimage_fut.compat().await.map(|p| p.tx_hex()) {
-                        Ok(Some(preimage)) => {
-                            let watcher_data = self.create_watcher_data(taker_hex.0, preimage.clone());
-                            let swpmsg_watcher = SwapWatcherMsg::TakerSwapWatcherMsg(Box::new(watcher_data));
-                            broadcast_swap_message(
-                                &self.ctx,
-                                watcher_topic(&self.r().data.taker_coin),
-                                swpmsg_watcher,
-                                &self.p2p_privkey,
-                            );
-                            swap_events.push(TakerSwapEvent::WatcherMessageSent(Some(preimage)))
-                        },
-                        Ok(None) => (),
-                        Err(e) => error!(
+        match maybe_maker_hex {
+            Some(maker_hex) if self.ctx.use_watchers() && tx_hex.is_some() => {
+                let taker_hex = tx_hex.unwrap();
+
+                let preimage_fut = self.taker_coin.create_taker_spends_maker_payment_preimage(
+                    &maker_hex,
+                    self.maker_payment_lock.load(Ordering::Relaxed) as u32,
+                    self.r().other_maker_coin_htlc_pub.as_slice(),
+                    &self.r().secret_hash.0,
+                    &self.unique_swap_data()[..],
+                );
+
+                match preimage_fut.compat().await.map(|p| p.tx_hex()) {
+                    Ok(Some(preimage)) => {
+                        let watcher_data = self.create_watcher_data(taker_hex.0, preimage.clone());
+                        let swpmsg_watcher = SwapWatcherMsg::TakerSwapWatcherMsg(Box::new(watcher_data));
+                        broadcast_swap_message(
+                            &self.ctx,
+                            watcher_topic(&self.r().data.taker_coin),
+                            swpmsg_watcher,
+                            &self.p2p_privkey,
+                        );
+                        swap_events.push(TakerSwapEvent::WatcherMessageSent(Some(preimage)))
+                    },
+                    Ok(None) => (),
+                    Err(e) => error!(
                     "The watcher message could not be sent, error creating the taker spends maker payment preimage: {}",
                     e.get_plain_text_format()
                 ),
-                    }
                 }
-            }
-        }
+            },
+            _ => {},
+        };
+
         Ok((Some(TakerSwapCommand::WaitForTakerPaymentSpend), swap_events))
     }

[shamardy]

looks good, thanks for the suggestion :). But this will be changed due to this #1497 (comment).

[onur-ozkan]

The value itself(SecretHashAlgo::SHA256) is explaining everything. I think we can freely remove the extra allocation here.

[onur-ozkan]

I guess we can create in-function const for vec![1; 300] if I am not mistaken?

[shamardy]

vec! can't be used with constants. Created a const array instead.

[onur-ozkan]

Could you please inline this function?

ps: You can even provide this funcitonality as a macro.

[onur-ozkan]

What about:

        match filtered_channels.entry(channel.counterparty.node_id) {
            Entry::Occupied(entry) if channel.inbound_capacity_msat < entry.get().inbound_capacity_msat => continue,
            Entry::Occupied(mut entry) => entry.insert(channel),
            Entry::Vacant(entry) => entry.insert(channel),
        };

I tried to seperate different logics into different blocks.

You can also add notes on top of each pattern which will look easier to debug.

[laruh]

Impressive work as always!
I just have a tiny note for now.

[shamardy]

@sergeyboyko0791 @ozkanonur @caglaryucekaya @laruh All comments are fixed or replied to

[onur-ozkan]

thank you for the fixes :) LGTM

[laruh]

Looks good to me, thanks! 🙂

[sergeyboyko0791]

Awesome 🔥

[artemii235]

Few notes for the next iteration.

[artemii235]

Is it generally safe to not call fail_htlc_backwards here anymore? What will happen if neither fail_htlc_backwards nor claim_funds is called from the API code afterward?

[shamardy]

Is it generally safe to not call fail_htlc_backwards here anymore?

Yes, I should call it inside the swap methods implementations when it's required. I called it here previously because before swaps we shouldn't have accepted payments that we don't know the preimage for.

What will happen if neither fail_htlc_backwards nor claim_funds is called from the API code afterward?

The HTLC will remain unsettled until the timelock expires in both cases.

[artemii235]

I assume there might be other places to call fail_htlc_backwards in case of other swap steps failures.

[shamardy]

Already added to checklist #1497 (comment) :)

[artemii235]

return is not required here