Add channel_reestablish TLVs for retransmission

With splicing, we introduce new TLVs to `channel_reestablish` to let
our peer know:

- the latest `splice_locked` (or `channel_ready`) we received
- the latest `splice_locked` (or `channel_ready`) we're ready to send

This lets us clean-up retransmission of those messages and remove an
edge case around concurrent locking and payments.

Author: t-bast

modules/core/src/commonMain/kotlin/fr/acinq/lightning/channel/Commitments.kt

@@ -608,6 +608,9 @@ data class Commitments(
     // We always use the last commitment that was created, to make sure we never go back in time.
     val latest = active.first().let { c -> FullCommitment(params, changes, c.fundingTxIndex, c.remoteFundingPubkey, c.localFundingStatus, c.remoteFundingStatus, c.localCommit, c.remoteCommit, c.nextRemoteCommit) }
 
+    fun ChannelContext.lastLocalLocked(): Commitment? = active.find { staticParams.useZeroConf || it.localFundingStatus is LocalFundingStatus.ConfirmedFundingTx }
+    val lastRemoteLocked: Commitment? = active.find { it.remoteFundingStatus == RemoteFundingStatus.Locked }
+
     val all = buildList {
         addAll(active)
         addAll(inactive)
@@ -948,18 +951,17 @@ data class Commitments(
         // This ensures that we only have to send splice_locked for the latest commitment instead of sending it for every commitment.
         // A side-effect is that previous commitments that are implicitly locked don't necessarily have their status correctly set.
         // That's why we look at locked commitments separately and then select the one with the oldest fundingTxIndex.
-        val lastLocalLocked = active.find { staticParams.useZeroConf || it.localFundingStatus is LocalFundingStatus.ConfirmedFundingTx }
-        val lastRemoteLocked = active.find { it.remoteFundingStatus == RemoteFundingStatus.Locked }
+        val lastLocal = lastLocalLocked()
         return when {
             // We select the locked commitment with the smaller value for fundingTxIndex, but both have to be defined.
             // If both have the same fundingTxIndex, they must actually be the same commitment, because:
             //  - we only allow RBF attempts when we're not using zero-conf
             //  - transactions with the same fundingTxIndex double-spend each other, so only one of them can confirm
             //  - we don't allow creating a splice on top of an unconfirmed transaction that has RBF attempts (because it
             //    would become invalid if another of the RBF attempts end up being confirmed)
-            lastLocalLocked != null && lastRemoteLocked != null -> listOf(lastLocalLocked, lastRemoteLocked).minByOrNull { it.fundingTxIndex }
+            lastLocal != null && lastRemoteLocked != null -> listOf(lastLocal, lastRemoteLocked).minByOrNull { it.fundingTxIndex }
             // Special case for the initial funding tx, we only require a local lock because channel_ready doesn't explicitly reference a funding tx.
-            lastLocalLocked != null && lastLocalLocked.fundingTxIndex == 0L -> lastLocalLocked
+            lastLocal != null && lastLocal.fundingTxIndex == 0L -> lastLocal
             else -> null
         }
     }

modules/core/src/commonMain/kotlin/fr/acinq/lightning/channel/states/Channel.kt

@@ -6,7 +6,10 @@ import fr.acinq.lightning.CltvExpiryDelta
 import fr.acinq.lightning.Feature
 import fr.acinq.lightning.NodeParams
 import fr.acinq.lightning.SensitiveTaskEvents
-import fr.acinq.lightning.blockchain.*
+import fr.acinq.lightning.blockchain.WatchConfirmed
+import fr.acinq.lightning.blockchain.WatchConfirmedTriggered
+import fr.acinq.lightning.blockchain.WatchSpent
+import fr.acinq.lightning.blockchain.WatchSpentTriggered
 import fr.acinq.lightning.blockchain.fee.OnChainFeerates
 import fr.acinq.lightning.channel.*
 import fr.acinq.lightning.channel.Helpers.Closing.claimCurrentLocalCommitTxOutputs
@@ -336,14 +339,18 @@ sealed class PersistedChannelState : ChannelState() {
                 is Normal -> state.getUnsignedFundingTxId()
                 else -> null
             }
-            val tlvs: TlvStream<ChannelReestablishTlv> = unsignedFundingTxId?.let { TlvStream(ChannelReestablishTlv.NextFunding(it)) } ?: TlvStream.empty()
+            val tlvs: Set<ChannelReestablishTlv> = setOfNotNull(
+                unsignedFundingTxId?.let { ChannelReestablishTlv.NextFunding(it) },
+                state.commitments.lastRemoteLocked?.let { ChannelReestablishTlv.YourLastFundingLocked(it.fundingTxId) },
+                state.commitments.run { lastLocalLocked() }?.let { ChannelReestablishTlv.MyCurrentFundingLocked(it.fundingTxId) },
+            )
             ChannelReestablish(
                 channelId = channelId,
                 nextLocalCommitmentNumber = nextLocalCommitmentNumber,
                 nextRemoteRevocationNumber = state.commitments.remoteCommitIndex,
                 yourLastCommitmentSecret = PrivateKey(yourLastPerCommitmentSecret),
                 myCurrentPerCommitmentPoint = myCurrentPerCommitmentPoint,
-                tlvStream = tlvs
+                tlvStream = TlvStream(tlvs),
             ).withChannelData(state.commitments.remoteChannelData, logger)
         }
     }

modules/core/src/commonMain/kotlin/fr/acinq/lightning/channel/states/Syncing.kt

@@ -77,7 +77,7 @@ data class Syncing(val state: PersistedChannelState, val channelReestablishSent:
                         }
                         is WaitForChannelReady -> {
                             val actions = ArrayList<ChannelAction>()
-
+                            // If they haven't received our signatures for the channel funding transaction, we retransmit them.
                             if (state.commitments.latest.fundingTxId == cmd.message.nextFundingTxId) {
                                 if (state.commitments.latest.localFundingStatus is LocalFundingStatus.UnconfirmedFundingTx) {
                                     if (state.commitments.latest.localFundingStatus.sharedTx is PartiallySignedSharedTransaction) {
@@ -101,12 +101,13 @@ data class Syncing(val state: PersistedChannelState, val channelReestablishSent:
                                     logger.warning { "cannot re-send tx_signatures for fundingTxId=${cmd.message.nextFundingTxId}, transaction is already confirmed" }
                                 }
                             }
-
-                            logger.debug { "re-sending channel_ready" }
-                            val nextPerCommitmentPoint = channelKeys().commitmentPoint(1)
-                            val channelReady = ChannelReady(state.commitments.channelId, nextPerCommitmentPoint)
-                            actions.add(ChannelAction.Message.Send(channelReady))
-
+                            // If they haven't received our channel_ready, we retransmit it.
+                            if (cmd.message.yourLastFundingLocked == null) {
+                                logger.debug { "re-sending channel_ready" }
+                                val nextPerCommitmentPoint = channelKeys().commitmentPoint(1)
+                                val channelReady = ChannelReady(state.commitments.channelId, nextPerCommitmentPoint)
+                                actions.add(ChannelAction.Message.Send(channelReady))
+                            }
                             Pair(state, actions)
                         }
                         is LegacyWaitForFundingLocked -> {
@@ -124,8 +125,7 @@ data class Syncing(val state: PersistedChannelState, val channelReestablishSent:
                                     val actions = ArrayList<ChannelAction>()
 
                                     // re-send channel_ready if necessary
-                                    if (state.commitments.latest.fundingTxIndex == 0L && cmd.message.nextLocalCommitmentNumber == 1L && state.commitments.localCommitIndex == 0L) {
-                                        // If next_local_commitment_number is 1 in both the channel_reestablish it sent and received, then the node MUST retransmit channel_ready, otherwise it MUST NOT
+                                    if (cmd.message.yourLastFundingLocked == null && state.commitments.latest.fundingTxIndex == 0L) {
                                         logger.debug { "re-sending channel_ready" }
                                         val nextPerCommitmentPoint = channelKeys().commitmentPoint(1)
                                         val channelReady = ChannelReady(state.commitments.channelId, nextPerCommitmentPoint)
@@ -174,25 +174,36 @@ data class Syncing(val state: PersistedChannelState, val channelReestablishSent:
                                         state.spliceStatus
                                     }
 
-                                    // Re-send splice_locked (must come *after* potentially retransmitting tx_signatures).
-                                    // NB: there is a key difference between channel_ready and splice_locked:
-                                    // - channel_ready: a non-zero commitment index implies that both sides have seen the channel_ready
-                                    // - splice_locked: the commitment index can be updated as long as it is compatible with all splices, so
-                                    //   we must keep sending our most recent splice_locked at each reconnection
-                                    state.commitments.active
-                                        .filter { it.fundingTxIndex > 0L } // only consider splice txs
-                                        .firstOrNull { staticParams.useZeroConf || it.localFundingStatus is LocalFundingStatus.ConfirmedFundingTx }
-                                        ?.let {
-                                            logger.debug { "re-sending splice_locked for fundingTxId=${it.fundingTxId}" }
-                                            val spliceLocked = SpliceLocked(channelId, it.fundingTxId)
+                                    // Re-send splice_locked if necessary (must come *after* potentially retransmitting tx_signatures).
+                                    state.commitments.run { lastLocalLocked() }?.let { lastLocked ->
+                                        val isSplice = lastLocked.fundingTxIndex > 0
+                                        val notReceivedByRemote = cmd.message.yourLastFundingLocked != lastLocked.fundingTxId
+                                        if (isSplice && notReceivedByRemote) {
+                                            logger.debug { "re-sending splice_locked for fundingTxId=${lastLocked.fundingTxId}" }
+                                            val spliceLocked = SpliceLocked(channelId, lastLocked.fundingTxId)
                                             actions.add(ChannelAction.Message.Send(spliceLocked))
                                         }
+                                    }
 
                                     // we may need to retransmit updates and/or commit_sig and/or revocation
                                     actions.addAll(syncResult.retransmit.map { ChannelAction.Message.Send(it) })
 
-                                    // then we clean up unsigned updates
-                                    val commitments1 = discardUnsignedUpdates(state.commitments)
+                                    val commitments1 = run {
+                                        // Prune previous funding transactions if we already sent splice_locked for the last funding transaction
+                                        // that is also locked by our counterparty; we either missed their splice_locked or it confirmed while disconnected.
+                                        val withRemoteLocked = when (val remoteTxId = cmd.message.myCurrentFundingLocked) {
+                                            null -> state.commitments
+                                            else -> when (val commitments1 = state.commitments.run { updateRemoteFundingStatus(remoteTxId) }) {
+                                                is Either.Left -> state.commitments
+                                                is Either.Right -> {
+                                                    state.run { newlyLocked(state.commitments, commitments1.value.first) }.forEach { actions.add(ChannelAction.Storage.SetLocked(it.fundingTxId)) }
+                                                    commitments1.value.first
+                                                }
+                                            }
+                                        }
+                                        // Then we clean up unsigned updates.
+                                        discardUnsignedUpdates(withRemoteLocked)
+                                    }
 
                                     if (commitments1.changes.localHasChanges()) {
                                         actions.add(ChannelAction.Message.SendToSelf(ChannelCommand.Commitment.Sign))

modules/core/src/commonMain/kotlin/fr/acinq/lightning/channel/states/WaitForChannelReady.kt

@@ -59,21 +59,23 @@ data class WaitForChannelReady(
                     Pair(this@WaitForChannelReady, listOf(ChannelAction.Message.Send(TxAbort(channelId, InvalidRbfTxConfirmed(channelId, commitments.latest.fundingTxId).message))))
                 }
                 is ChannelReady -> {
+                    // We mark the funding transaction as locked by our peer: we won't ask them to retransmit channel_ready.
+                    val commitments1 = commitments.run { updateRemoteFundingStatus(commitments.latest.fundingTxId) }.fold({ it }, { it.first })
                     // we create a channel_update early so that we can use it to send payments through this channel, but it won't be propagated to other nodes since the channel is not yet announced
                     val initialChannelUpdate = Announcements.makeChannelUpdate(
                         staticParams.nodeParams.chainHash,
                         staticParams.nodeParams.nodePrivateKey,
                         staticParams.remoteNodeId,
                         shortChannelId,
                         staticParams.nodeParams.expiryDeltaBlocks,
-                        commitments.params.remoteParams.htlcMinimum,
+                        commitments1.params.remoteParams.htlcMinimum,
                         staticParams.nodeParams.feeBase,
                         staticParams.nodeParams.feeProportionalMillionths.toLong(),
-                        commitments.latest.fundingAmount.toMilliSatoshi(),
-                        enable = Helpers.aboveReserve(commitments)
+                        commitments1.latest.fundingAmount.toMilliSatoshi(),
+                        enable = Helpers.aboveReserve(commitments1)
                     )
                     val nextState = Normal(
-                        commitments,
+                        commitments1,
                         shortChannelId,
                         initialChannelUpdate,
                         null,
@@ -84,7 +86,7 @@ data class WaitForChannelReady(
                     )
                     val actions = listOf(
                         ChannelAction.Storage.StoreState(nextState),
-                        ChannelAction.Storage.SetLocked(commitments.latest.fundingTxId),
+                        ChannelAction.Storage.SetLocked(commitments1.latest.fundingTxId),
                         ChannelAction.EmitEvent(ChannelEvents.Confirmed(nextState)),
                     )
                     Pair(nextState, actions)

modules/core/src/commonMain/kotlin/fr/acinq/lightning/json/JsonSerializers.kt

@@ -86,6 +86,8 @@
     JsonSerializers.TlvStreamSerializer::class,
     JsonSerializers.ShutdownTlvSerializer::class,
     JsonSerializers.ClosingSignedTlvSerializer::class,
+    JsonSerializers.MyCurrentFundingLockedTlvSerializer::class,
+    JsonSerializers.YourLastFundingLockedTlvSerializer::class,
     JsonSerializers.ChannelReestablishTlvSerializer::class,
     JsonSerializers.ChannelReadyTlvSerializer::class,
     JsonSerializers.CommitSigTlvAlternativeFeerateSigSerializer::class,
@@ -204,6 +206,8 @@ object JsonSerializers {
                 subclass(UpdateFee::class, UpdateFeeSerializer)
             }
             polymorphic(Tlv::class) {
+                subclass(ChannelReestablishTlv.MyCurrentFundingLocked::class, MyCurrentFundingLockedTlvSerializer)
+                subclass(ChannelReestablishTlv.YourLastFundingLocked::class, YourLastFundingLockedTlvSerializer)
                 subclass(ChannelReadyTlv.ShortChannelIdTlv::class, ChannelReadyTlvShortChannelIdTlvSerializer)
                 subclass(CommitSigTlv.AlternativeFeerateSigs::class, CommitSigTlvAlternativeFeerateSigsSerializer)
                 subclass(CommitSigTlv.Batch::class, CommitSigTlvBatchSerializer)
@@ -551,6 +555,12 @@ object JsonSerializers {
     @Serializer(forClass = ChannelReadyTlv::class)
     object ChannelReadyTlvSerializer
 
+    @Serializer(forClass = ChannelReestablishTlv.MyCurrentFundingLocked::class)
+    object MyCurrentFundingLockedTlvSerializer
+
+    @Serializer(forClass = ChannelReestablishTlv.YourLastFundingLocked::class)
+    object YourLastFundingLockedTlvSerializer
+
     @Serializer(forClass = ChannelReestablishTlv::class)
     object ChannelReestablishTlvSerializer
 

modules/core/src/commonMain/kotlin/fr/acinq/lightning/wire/ChannelTlv.kt

@@ -203,6 +203,28 @@ sealed class ChannelReestablishTlv : Tlv {
         }
     }
 
+    /** Latest splice_locked or channel_ready received before disconnecting. */
+    data class YourLastFundingLocked(val txId: TxId) : ChannelReestablishTlv() {
+        override val tag: Long get() = YourLastFundingLocked.tag
+        override fun write(out: Output) = LightningCodecs.writeTxHash(TxHash(txId), out)
+
+        companion object : TlvValueReader<YourLastFundingLocked> {
+            const val tag: Long = 1
+            override fun read(input: Input): YourLastFundingLocked = YourLastFundingLocked(TxId(LightningCodecs.txHash(input)))
+        }
+    }
+
+    /** Latest splice_locked or channel_ready that we're ready to send. */
+    data class MyCurrentFundingLocked(val txId: TxId) : ChannelReestablishTlv() {
+        override val tag: Long get() = MyCurrentFundingLocked.tag
+        override fun write(out: Output) = LightningCodecs.writeTxHash(TxHash(txId), out)
+
+        companion object : TlvValueReader<MyCurrentFundingLocked> {
+            const val tag: Long = 3
+            override fun read(input: Input): MyCurrentFundingLocked = MyCurrentFundingLocked(TxId(LightningCodecs.txHash(input)))
+        }
+    }
+
     data class ChannelData(val ecb: EncryptedChannelData) : ChannelReestablishTlv() {
         override val tag: Long get() = ChannelData.tag
         override fun write(out: Output) = LightningCodecs.writeBytes(ecb.data, out)

modules/core/src/commonMain/kotlin/fr/acinq/lightning/wire/LightningMessages.kt

@@ -1340,6 +1340,9 @@ data class ChannelReestablish(
     override val type: Long get() = ChannelReestablish.type
 
     val nextFundingTxId: TxId? = tlvStream.get<ChannelReestablishTlv.NextFunding>()?.txId
+    val yourLastFundingLocked: TxId? = tlvStream.get<ChannelReestablishTlv.YourLastFundingLocked>()?.txId
+    val myCurrentFundingLocked: TxId? = tlvStream.get<ChannelReestablishTlv.MyCurrentFundingLocked>()?.txId
+
     override val channelData: EncryptedChannelData get() = tlvStream.get<ChannelReestablishTlv.ChannelData>()?.ecb ?: EncryptedChannelData.empty
     override fun withNonEmptyChannelData(ecd: EncryptedChannelData): ChannelReestablish = copy(tlvStream = tlvStream.addOrUpdate(ChannelReestablishTlv.ChannelData(ecd)))
 
@@ -1359,6 +1362,8 @@ data class ChannelReestablish(
         val readers = mapOf(
             ChannelReestablishTlv.ChannelData.tag to ChannelReestablishTlv.ChannelData.Companion as TlvValueReader<ChannelReestablishTlv>,
             ChannelReestablishTlv.NextFunding.tag to ChannelReestablishTlv.NextFunding.Companion as TlvValueReader<ChannelReestablishTlv>,
+            ChannelReestablishTlv.YourLastFundingLocked.tag to ChannelReestablishTlv.YourLastFundingLocked.Companion as TlvValueReader<ChannelReestablishTlv>,
+            ChannelReestablishTlv.MyCurrentFundingLocked.tag to ChannelReestablishTlv.MyCurrentFundingLocked.Companion as TlvValueReader<ChannelReestablishTlv>,
         )
 
         override fun read(input: Input): ChannelReestablish {