Fix router fuzz failure #2570
Fix router fuzz failure #2570
Conversation
valentinewallace
force-pushed
the
2023-08-router-fuzz-fail
branch
from
4fb32d4 to
a0d7cc7
Compare
|
LGTM, but will give this some fuzzing cycles to see if it finds anything else. Will wait to assign a second reviewer for a minute cause folks are super busy lol. |
valentinewallace
force-pushed
the
2023-08-router-fuzz-fail
branch
from
a0d7cc7 to
6b917c6
Compare
|
Added another fuzz fix, see latest commit. |
Codecov ReportAttention:
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files@@ Coverage Diff @@
## main #2570 +/- ##
========================================
Coverage 88.97% 88.98%
========================================
Files 113 113
Lines 85890 86292 +402
Branches 85890 86292 +402
========================================
+ Hits 76424 76784 +360
- Misses 7239 7270 +31
- Partials 2227 2238 +11
☔ View full report in Codecov by Sentry. |
|
Thanks for taking a look! I'm gonna tack on one more fuzz fix that changes the last commit slightly. |
valentinewallace
force-pushed
the
2023-08-router-fuzz-fail
branch
from
6b917c6 to
905387b
Compare
|
Rewrote the last commit to generalize the solution and added another test courtesy of the fuzzer. |
valentinewallace
force-pushed
the
2023-08-router-fuzz-fail
branch
from
905387b to
31bf6b1
Compare
|
Ugh, this is failing again - https://pastebin.com/XyrjGm3U |
valentinewallace
force-pushed
the
2023-08-router-fuzz-fail
branch
from
31bf6b1 to
f1741a8
Compare
The fuzzer managed to hit this and it causes some invalid paths to be generated internally.
Because my text editor loves to do that.
valentinewallace
force-pushed
the
2023-08-router-fuzz-fail
branch
from
f1741a8 to
5e742b6
Compare
|
I fuzzed this latest branch overnight and it didn't find anything, when previously it found a crash within an hour. Also rebased to fix conflicts. |
| @@ -1280,6 +1284,7 @@ impl<'a> PaymentPath<'a> { | |||
|
|
|||
| let cur_hop = &mut self.hops.get_mut(i).unwrap().0; | |||
| cur_hop.next_hops_fee_msat = total_fee_paid_msat; | |||
| cur_hop.path_penalty_msat += extra_contribution_msat; | |||
There was a problem hiding this comment.
I don't quite understand the extra penalization here. Wouldn't the path just be deprioritized anyways as it's higher cost?
There was a problem hiding this comment.
It’s not higher cost with this solution because we don’t add the overpayment amount to the fees, just to the path contribution amount. The test fails without this as it will select an overpaying path when a path for the exact payment value is available.
There was a problem hiding this comment.
Ah, makes sense. Doesn't make update_value_and_recompute_fees much more readable though..
Maybe would be worth another comment to explain why we carve out the last hop?
There was a problem hiding this comment.
Yeah, I'm tempted to try to refactor this method, it's not fun to parse..
Maybe would be worth another comment to explain why we carve out the last hop?
I kept your comment stating that we return the extra fees to account for them in the path's value contribution. Is something missing there?
There was a problem hiding this comment.
I kept your comment stating that we return the extra fees to account for them in the path's value contribution. Is something missing there?
Could mention why we don't count the fees in this case, but probably doesn't make a big difference. Fine to leave as is.
There was a problem hiding this comment.
So far looks good to me, I checked that rebasing #2575 works without issue if I drop the first commit there, that the LDK Node issue is still fixed, and that #2604 rebased on top of the rebase still has all tests pass. Only nit would be that I'd prefer the more general solution in 7144866, but of course we'll want to keep the tests here.
So, how should we go about landing all these? 😁
Edit: Rebased #2575 on top of this and included the requested change as part of that.
valentinewallace
force-pushed
the
2023-08-router-fuzz-fail
branch
from
5e742b6 to
6017660
Compare
|
Pushed a fix for 1.48 CI: |
See tests, but the fuzzer found several panics from not fully ignoring these hints. We should support these route hints eventually, but it will involve some reworking of the Path/BlindedTail structs.
Previously this variable was a bool, but has since been updated to be an Option, so rename accordingly.
Previously, we would add a candidate hop to the list of potential hops even though its available contribution wasn't sufficient to meet the next hop's min_htlc. We'd subsequently build an invalid path using this hop and hit a debug assertion.
See previous commit, but the bug where we would underestimate how much a first hop candidate needed to be able to relay was also present in blinded paths.
Previously, we would add a first_hop<>network_node channel that did not have enough contribution amount to cover the next channel's min htlc plus fees, because we were storing the next hop as having a path_min that did not include fees, and would add a connecting first_hop node that did not have enough contribution amount, leading to a debug panic upon invalid path construction.
Previously, the fuzzer hit a debug panic because we wouldn't include the amount overpaid to meet a last hop's min_htlc in the total collected paths value. We now include this value and also penalize hops along the overpaying path to ensure that it gets deprioritized in path selection.
valentinewallace
force-pushed
the
2023-08-router-fuzz-fail
branch
from
6017660 to
f3857d0
Compare
|
Updated to make 2 tests more robust, later changes would make them spuriously succeed if the original change was reverted. |
| // Values are taken from the fuzz input that uncovered this panic. | ||
| let amt_msat = 7_4009_8048; | ||
| let (_, our_id, _, nodes) = get_nodes(&secp_ctx); | ||
| let first_hop_outbound_capacity = 2_7345_2000; |
There was a problem hiding this comment.
@TheBlueMatt this was an existing issue before routing to blinded paths was supported. ISTM the router fuzzer should've caught this previously?
There was a problem hiding this comment.
Yea, that's my impression too, not sure why I wasn't able to repro prior to the changes in 117.
| @@ -1280,6 +1284,7 @@ impl<'a> PaymentPath<'a> { | |||
|
|
|||
| let cur_hop = &mut self.hops.get_mut(i).unwrap().0; | |||
| cur_hop.next_hops_fee_msat = total_fee_paid_msat; | |||
| cur_hop.path_penalty_msat += extra_contribution_msat; | |||
There was a problem hiding this comment.
I kept your comment stating that we return the extra fees to account for them in the path's value contribution. Is something missing there?
Could mention why we don't count the fees in this case, but probably doesn't make a big difference. Fine to leave as is.
Fixes #2523 and another panic from fuzz input https://pastebin.com/9ZkmyzHE. See test comments for more details on the fixes.