Add splice-out support #3979
Add splice-out support #3979
Conversation
|
👋 Thanks for assigning @tankyleo as a reviewer! |
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #3979 +/- ##
==========================================
+ Coverage 88.74% 88.77% +0.02%
==========================================
Files 173 176 +3
Lines 124899 127934 +3035
Branches 124899 127934 +3035
==========================================
+ Hits 110841 113571 +2730
- Misses 11631 11796 +165
- Partials 2427 2567 +140
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
jkczyz
force-pushed
the
2025-07-splice-out
branch
3 times, most recently
from
2d39059 to
381fba6
Compare
|
🔔 1st Reminder Hey @wpaulino! This PR has been waiting for your review. |
lightning/src/ln/channel.rs
Outdated
| @@ -6079,7 +6081,7 @@ pub enum FundingTxContributions { | |||
| InputsOnly { | |||
| /// The inputs used to meet the contributed amount. Any excess amount will be sent to a | |||
| /// change output. | |||
| inputs: Vec<(TxIn, Transaction)>, | |||
| inputs: Vec<(TxIn, Transaction, Weight)>, | |||
There was a problem hiding this comment.
Let's make this a struct now so we can properly document each field. The weight here should be the witness_weight for the input to be spent. We may even be able to reuse bump_transaction::Utxo.
There was a problem hiding this comment.
We may even be able to reuse
bump_transaction::Utxo.
Hmm... that doesn't have a TxIn. We also need the full previous transaction in InteractiveTxConstructor to use as prevtx in tx_add_input.
There was a problem hiding this comment.
We would just need to track TxIn::sequence and prevtx separately if we choose to go with it
lightning/src/ln/channel.rs
Outdated
| our_funding_contribution_satoshis, | ||
| ); | ||
| // FIXME: Should we check value_to_self instead? Do HTLCs need to be accounted for? | ||
| // FIXME: Check that we can pay for the outputs from the channel value? |
There was a problem hiding this comment.
We probably don't even need our_funding_contribution for a splice out, we can just assume it from adding all the output values
There was a problem hiding this comment.
Ah, good point. For paying for the outputs, seems we should actually use check_v2_funding_inputs_sufficient for both splice-in and splice-out and account for outputs?
There was a problem hiding this comment.
Ah, actually that only looks at the input from the previous funding transaction for weight, not amount.
There was a problem hiding this comment.
Re-wrote this to ensure fees for the funding outputs are accounted for. One thing of note is that our_funding_contribution for a splice-out needs to be adjusted by the fees to be paid (i.e., fees need to be subtracted from the negative our_funding_contribution to increase the amount being removed from the channel).
Also, a bit of an oversight, but we don't yet support accepting a splice-out. Technically, it could contain both inputs and outputs even if the net amount is negative. But I think we shouldn't care as long as we check everything is sane upon exchanging tx_complete.
|
👋 The first review has been submitted! Do you think this PR is ready for a second reviewer? If so, click here to assign a second reviewer. |
jkczyz
force-pushed
the
2025-07-splice-out
branch
2 times, most recently
from
396948e to
59fbd7e
Compare
|
🔔 1st Reminder Hey @wpaulino! This PR has been waiting for your review. |
jkczyz
force-pushed
the
2025-07-splice-out
branch
from
fde2f61 to
f12c993
Compare
|
Rebased to resolve merge conflicts. |
jkczyz
force-pushed
the
2025-07-splice-out
branch
from
f12c993 to
806220e
Compare
|
Squashed as requested. |
lightning/src/ln/channel.rs
Outdated
| funding_feerate.to_sat_per_kwu() as u32, | ||
| )); | ||
|
|
||
| if channel_balance > contribution_amount.unsigned_abs() + estimated_fee { |
There was a problem hiding this comment.
This isn't enough, we need to make sure the balance is still above the reserve and has enough to pay for fees on the commitment transaction if they're the channel initiator
There was a problem hiding this comment.
Right, the reserve check will be at the call site as a separate check. I hadn't considered the fees for the commitment transaction. For the splice-in case, is it assumed it is sufficient because it was sufficient with the previous funding contributions?
There was a problem hiding this comment.
For the splice-in case, is it assumed it is sufficient because it was sufficient with the previous funding contributions?
Most likely yeah, but it's better to be safe than sorry. We already need to always check it for the counterparty and for our splice-outs, so might as well always do it for splice-ins.
There was a problem hiding this comment.
Leaving this for @tankyleo.
jkczyz
force-pushed
the
2025-07-splice-out
branch
from
806220e to
9c2f266
Compare
jkczyz
force-pushed
the
2025-07-splice-out
branch
from
9c2f266 to
ef1aee7
Compare
|
Squashed as requested. |
lightning/src/ln/channelmanager.rs
Outdated
| /// When funds are added to a channel. | ||
| SpliceIn { | ||
| /// The amount to contribute to the splice. | ||
| value: Amount, |
There was a problem hiding this comment.
Another variant could be to consume the full input set, but we can revisit that later
There was a problem hiding this comment.
I was thinking we could have a constructor that took inputs and gave back a SpliceContribution::SpliceIn with amount. However, we'd need to provide information about the balance in order to compute that. So maybe best to use a dedicated variant as you said.
1 similar comment
lightning/src/ln/channel.rs
Outdated
| funding_feerate.to_sat_per_kwu() as u32, | ||
| )); | ||
|
|
||
| if channel_balance > contribution_amount.unsigned_abs() + estimated_fee { |
jkczyz
force-pushed
the
2025-07-splice-out
branch
from
4a02574 to
a39a294
Compare
lightning/src/ln/channelmanager.rs
Outdated
| /// When funds are added to a channel. | ||
| SpliceIn { | ||
| /// The amount to contribute to the splice. | ||
| value: Amount, |
There was a problem hiding this comment.
I was thinking we could have a constructor that took inputs and gave back a SpliceContribution::SpliceIn with amount. However, we'd need to provide information about the balance in order to compute that. So maybe best to use a dedicated variant as you said.
lightning/src/ln/channel.rs
Outdated
| let mut weight = (input_count as u64) * BASE_INPUT_WEIGHT; | ||
|
|
||
| // Witnesses | ||
| weight = weight.saturating_add(witness_weight.to_wu()); | ||
| weight = weight.saturating_add(outputs.iter().map(|txout| txout.weight().to_wu()).sum()); |
There was a problem hiding this comment.
Seems we are missing the weight of the empty script sig, ie EMPTY_SCRIPT_SIG_WEIGHT ?
There was a problem hiding this comment.
Isn't that only for inputs? Outputs added to the transaction will have a script_pubkey that needs to be satisfied when spent.
There was a problem hiding this comment.
Right I mean that BASE_INPUT_WEIGHT on the very first line does not include EMPTY_SCRIPT_SIG_WEIGHT and then on the second line we add the Witness weight only.
There was a problem hiding this comment.
Ah, that parameter should be renamed similar to #3979 (comment). But it looks like we do need to add EMPTY_SCRIPT_SIG_WEIGHT at call sites when adding FUNDING_TRANSACTION_WITNESS_WEIGHT, which AFAICT doesn't include it. (cc @wpaulino)
Updated estimate_v2_funding_transaction_fee to do all the weight calculations so as to avoid this.
jkczyz
force-pushed
the
2025-07-splice-out
branch
from
a39a294 to
8ad0b83
Compare
jkczyz
force-pushed
the
2025-07-splice-out
branch
2 times, most recently
from
d4c2cd8 to
7a38617
Compare
Splice contributions should never exceed the total bitcoin supply. This check prevents a potential overflow when converting the contribution from sats to msats. The commit additionally begins to store the contribution using SignedAmount.
…text Once the counterparty supplies their funding contribution, there is no longer a need to store it in FundingNegotiationContext as it will have already been used to create a FundingScope.
TransactionU16LenLimited was used to limit Transaction serialization size to u16::MAX. This was because messages can not be longer than u16::MAX bytes when serialized for the transport layer. However, this limit doesn't take into account other fields in a message containing a Transaction, including the length of the transaction itself. Remove TransactionU16LenLimited and instead check any user supplied transactions in the context of the enclosing message (e.g. TxAddInput).
ChannelManager::splice_channel takes witness weights with the funding inputs. Storing these in FundingNegotiationContext allows us to use them when calculating the change output and include them in a common struct used for initiating a splice-in. In preparation for having ChannelManager::splice_channel take FundingTxContributions, add a weight to the FundingTxContributions::InputsOnly, which supports the splice-in use case.
jkczyz
force-pushed
the
2025-07-splice-out
branch
from
7a38617 to
29c61bd
Compare
jkczyz
force-pushed
the
2025-07-splice-out
branch
from
29c61bd to
f2aa7fe
Compare
|
Pushed a fix for CI. |
When splicing a channel, the previous funding output is spent and fees for it are paid by the splice initiator. However, the witness weight was not including EMPTY_SCRIPT_SIG_WEIGHT. Fix this and update the variable name to make clear the weight needed is the input satisfaction.
The funding inputs used for splicing and v2 channel establishment are passed as a tuple of txin, prevtx, and witness weight. Add a struct so that the items included can be better documented.
ChannelManager::splice_channel takes individual parameters to support splice-in. Change these to an enum such that it can be used for splice-out as well.
Update SpliceContribution with a variant used to support splice-out (i.e., removing funds from a channel). The TxOut values must not exceed the users channel balance after accounting for fees and the reserve requirement.
When a counterparty sends splice_init with a negative contribution, they are requesting to remove funds from a channel. Remove conditions guarding against this and check that they have enough channel balance to cover the removed funds.
jkczyz
force-pushed
the
2025-07-splice-out
branch
from
f2aa7fe to
8a596fb
Compare
|
Sorry, early CI failures were masking another one. Think it should be fixed in latest push. Also, pulled out the |
Splice-in support was added in #3736. This PR expands
ChannelManager::splice_channelto support splice-out (i.e., removing funds from a channel). This is accomplished by adding aFundingTxContributionsenum to cover both use cases.Depends on #3736.