Release tx_signatures after async monitor update completes#4472
Open
wpaulino wants to merge 1 commit intolightningdevkit:mainfrom
Open
Release tx_signatures after async monitor update completes#4472wpaulino wants to merge 1 commit intolightningdevkit:mainfrom
wpaulino wants to merge 1 commit intolightningdevkit:mainfrom
Conversation
In 83b2d3e, we reworked `ChannelManager::funding_transaction_signed` such that it would also for a user to cancel a splice up until they send `commitment_signed`. Previously, we would would only emit `Event::FundingTransactionReadyForSigning` when both nodes exchanged `commitment_signed` and the corresponding monitor update completed. With the event now being generated immediately after the nodes exchange `tx_complete`, we now need to handle the monitor update not having completed by the time we are ready to send `tx_signatures`. Unfortunately, we also did not have test coverage, allowing this to go unnoticed until being caught by the fuzzer due to a debug assertion. Doing so avoids a potential funds-loss scenario if the funding transaction confirms without the counterparty's signature for our commitment being durably persisted.
|
👋 Thanks for assigning @TheBlueMatt as a reviewer! |
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #4472 +/- ##
==========================================
- Coverage 86.08% 86.00% -0.08%
==========================================
Files 159 159
Lines 105186 105489 +303
Branches 105186 105489 +303
==========================================
+ Hits 90546 90727 +181
- Misses 12131 12249 +118
- Partials 2509 2513 +4
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
🔔 1st Reminder Hey @TheBlueMatt! This PR has been waiting for your review. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In 83b2d3e, we reworked
ChannelManager::funding_transaction_signedsuch that it would also for a user to cancel a splice up until they sendcommitment_signed. Previously, we would would only emitEvent::FundingTransactionReadyForSigningwhen both nodes exchangedcommitment_signedand the corresponding monitor update completed. With the event now being generated immediately after the nodes exchangetx_complete, we now need to handle the monitor update not having completed by the time we are ready to sendtx_signatures. Unfortunately, we also did not have test coverage, allowing this to go unnoticed until being caught by the fuzzer due to a debug assertion. Doing so avoids a potential funds-loss scenario if the funding transaction confirms without the counterparty's signature for our commitment being durably persisted.