lightningnetwork / lnd / 17830307614

package chancloser

import (

        "bytes"

        "fmt"

        "github.com/btcsuite/btcd/btcec/v2"

        "github.com/btcsuite/btcd/btcec/v2/schnorr/musig2"

        "github.com/btcsuite/btcd/btcutil"

        "github.com/btcsuite/btcd/chaincfg"

        "github.com/btcsuite/btcd/txscript"

        "github.com/btcsuite/btcd/wire"

        "github.com/lightningnetwork/lnd/channeldb"

        "github.com/lightningnetwork/lnd/fn/v2"

        "github.com/lightningnetwork/lnd/htlcswitch"

        "github.com/lightningnetwork/lnd/input"

        "github.com/lightningnetwork/lnd/labels"

        "github.com/lightningnetwork/lnd/lntypes"

        "github.com/lightningnetwork/lnd/lnutils"

        "github.com/lightningnetwork/lnd/lnwallet"

        "github.com/lightningnetwork/lnd/lnwallet/chainfee"

        "github.com/lightningnetwork/lnd/lnwire"

)

var (

        // ErrChanAlreadyClosing is returned when a channel shutdown is

        // attempted more than once.

        ErrChanAlreadyClosing = fmt.Errorf("channel shutdown already initiated")

        // ErrChanCloseNotFinished is returned when a caller attempts to access

        // a field or function that is contingent on the channel closure

        // negotiation already being completed.

        ErrChanCloseNotFinished = fmt.Errorf("close negotiation not finished")

        // ErrInvalidState is returned when the closing state machine receives a

        // message while it is in an unknown state.

        ErrInvalidState = fmt.Errorf("invalid state")

        // ErrUpfrontShutdownScriptMismatch is returned when a peer or end user

        // provides a cooperative close script which does not match the upfront

        // shutdown script previously set for that party.

        ErrUpfrontShutdownScriptMismatch = fmt.Errorf("shutdown script does not " +

                "match upfront shutdown script")

        // ErrProposalExceedsMaxFee is returned when as the initiator, the

        // latest fee proposal sent by the responder exceed our max fee.

        // responder.

        ErrProposalExceedsMaxFee = fmt.Errorf("latest fee proposal exceeds " +

                "max fee")

        // ErrInvalidShutdownScript is returned when we receive an address from

        // a peer that isn't either a p2wsh or p2tr address.

        ErrInvalidShutdownScript = fmt.Errorf("invalid shutdown script")

        // errNoShutdownNonce is returned when a shutdown message is received

        // w/o a nonce for a taproot channel.

        errNoShutdownNonce = fmt.Errorf("shutdown nonce not populated")

)

// closeState represents all the possible states the channel closer state

// machine can be in. Each message will either advance to the next state, or

// remain at the current state. Once the state machine reaches a state of

// closeFinished, then negotiation is over.

type closeState uint8

const (

        // closeIdle is the initial starting state. In this state, the state

        // machine has been instantiated, but no state transitions have been

        // attempted. If a state machine receives a message while in this state,

        // then it is the responder to an initiated cooperative channel closure.

        closeIdle closeState = iota

        // closeShutdownInitiated is the state that's transitioned to once the

        // initiator of a closing workflow sends the shutdown message. At this

        // point, they're waiting for the remote party to respond with their own

        // shutdown message. After which, they'll both enter the fee negotiation

        // phase.

        closeShutdownInitiated

        // closeAwaitingFlush is the state that's transitioned to once both

        // Shutdown messages have been exchanged but we are waiting for the

        // HTLCs to clear out of the channel.

        closeAwaitingFlush

        // closeFeeNegotiation is the third, and most persistent state. Both

        // parties enter this state after they've sent and received a shutdown

        // message. During this phase, both sides will send monotonically

        // increasing fee requests until one side accepts the last fee rate

        // offered by the other party. In this case, the party will broadcast

        // the closing transaction, and send the accepted fee to the remote

        // party. This then causes a shift into the closeFinished state.

        closeFeeNegotiation

        // closeFinished is the final state of the state machine. In this state,

        // a side has accepted a fee offer and has broadcast the valid closing

        // transaction to the network. During this phase, the closing

        // transaction becomes available for examination.

        closeFinished

)

const (

        // defaultMaxFeeMultiplier is a multiplier we'll apply to the ideal fee

        // of the initiator, to decide when the negotiated fee is too high. By

        // default, we want to bail out if we attempt to negotiate a fee that's

        // 3x higher than our max fee.

        defaultMaxFeeMultiplier = 3

)

// DeliveryAddrWithKey wraps a normal delivery addr, but also includes the

// internal key for the delivery addr if known.

type DeliveryAddrWithKey struct {

        // DeliveryAddress is the raw, serialized pkScript of the delivery

        // address.

        lnwire.DeliveryAddress

        // InternalKey is the Taproot internal key of the delivery address, if

        // the address is a P2TR output.

        InternalKey fn.Option[btcec.PublicKey]

}

// ChanCloseCfg holds all the items that a ChanCloser requires to carry out its

// duties.

type ChanCloseCfg struct {

        // Channel is the channel that should be closed.

        Channel Channel

        // MusigSession is used to handle generating musig2 nonces, and also

        // creating the proper set of closing options for taproot channels.

        MusigSession MusigSession

        // BroadcastTx broadcasts the passed transaction to the network.

        BroadcastTx func(*wire.MsgTx, string) error

        // DisableChannel disables a channel, resulting in it not being able to

        // forward payments.

        DisableChannel func(wire.OutPoint) error

        // Disconnect will disconnect from the remote peer in this close.

        Disconnect func() error

        // MaxFee, is non-zero represents the highest fee that the initiator is

        // willing to pay to close the channel.

        MaxFee chainfee.SatPerKWeight

        // ChainParams holds the parameters of the chain that we're active on.

        ChainParams *chaincfg.Params

        // Quit is a channel that should be sent upon in the occasion the state

        // machine should cease all progress and shutdown.

        Quit chan struct{}

        // FeeEstimator is used to estimate the absolute starting co-op close

        // fee.

        FeeEstimator CoopFeeEstimator

        // AuxCloser is an optional interface that can be used to modify the

        // way the co-op close process proceeds.

        AuxCloser fn.Option[AuxChanCloser]

}

// ChanCloser is a state machine that handles the cooperative channel closure

// procedure. This includes shutting down a channel, marking it ineligible for

// routing HTLC's, negotiating fees with the remote party, and finally

// broadcasting the fully signed closure transaction to the network.

type ChanCloser struct {

        // state is the current state of the state machine.

        state closeState

        // cfg holds the configuration for this ChanCloser instance.

        cfg ChanCloseCfg

        // chanPoint is the full channel point of the target channel.

        chanPoint wire.OutPoint

        // cid is the full channel ID of the target channel.

        cid lnwire.ChannelID

        // negotiationHeight is the height that the fee negotiation begun at.

        negotiationHeight uint32

        // closingTx is the final, fully signed closing transaction. This will

        // only be populated once the state machine shifts to the closeFinished

        // state.

        closingTx *wire.MsgTx

        // idealFeeSat is the ideal fee that the state machine should initially

        // offer when starting negotiation. This will be used as a baseline.

        idealFeeSat btcutil.Amount

        // maxFee is the highest fee the initiator is willing to pay to close

        // out the channel. This is either a use specified value, or a default

        // multiplier based of the initial starting ideal fee.

        maxFee btcutil.Amount

        // idealFeeRate is our ideal fee rate.

        idealFeeRate chainfee.SatPerKWeight

        // lastFeeProposal is the last fee that we proposed to the remote party.

        // We'll use this as a pivot point to ratchet our next offer up, down,

        // or simply accept the remote party's prior offer.

        lastFeeProposal btcutil.Amount

        // priorFeeOffers is a map that keeps track of all the proposed fees

        // that we've offered during the fee negotiation. We use this map to cut

        // the negotiation early if the remote party ever sends an offer that

        // we've sent in the past. Once negotiation terminates, we can extract

        // the prior signature of our accepted offer from this map.

        //

        // TODO(roasbeef): need to ensure if they broadcast w/ any of our prior

        // sigs, we are aware of

        priorFeeOffers map[btcutil.Amount]*lnwire.ClosingSigned

        // closeReq is the initial closing request. This will only be populated

        // if we're the initiator of this closing negotiation.

        //

        // TODO(roasbeef): abstract away

        closeReq *htlcswitch.ChanClose

        // localDeliveryScript is the script that we'll send our settled channel

        // funds to.

        localDeliveryScript []byte

        // localInternalKey is the local delivery address Taproot internal key,

        // if the local delivery script is a P2TR output.

        localInternalKey fn.Option[btcec.PublicKey]

        // remoteDeliveryScript is the script that we'll send the remote party's

        // settled channel funds to.

        remoteDeliveryScript []byte

        // closer is ChannelParty who initiated the coop close

        closer lntypes.ChannelParty

        // cachedClosingSigned is a cached copy of a received ClosingSigned that

        // we use to handle a specific race condition caused by the independent

        // message processing queues.

        cachedClosingSigned fn.Option[lnwire.ClosingSigned]

        // localCloseOutput is the local output on the closing transaction that

        // the local party should be paid to. This will only be populated if the

        // local balance isn't dust.

        localCloseOutput fn.Option[CloseOutput]

        // remoteCloseOutput is the remote output on the closing transaction

        // that the remote party should be paid to. This will only be populated

        // if the remote balance isn't dust.

        remoteCloseOutput fn.Option[CloseOutput]

        // auxOutputs are the optional additional outputs that might be added to

        // the closing transaction.

        auxOutputs fn.Option[AuxCloseOutputs]

}

// calcCoopCloseFee computes an "ideal" absolute co-op close fee given the

// delivery scripts of both parties and our ideal fee rate.

func calcCoopCloseFee(chanType channeldb.ChannelType,

        localOutput, remoteOutput *wire.TxOut,

        // One of these outputs might be dust, so we'll skip adding it to our

        // mock transaction, so the fees are more accurate.

}

// SimpleCoopFeeEstimator is the default co-op close fee estimator. It assumes

// a normal segwit v0 channel, and that no outputs on the closing transaction

// are dust.

type SimpleCoopFeeEstimator struct {

}

// EstimateFee estimates an _absolute_ fee for a co-op close transaction given

// the local+remote tx outs (for the co-op close transaction), channel type,

// and ideal fee rate.

func (d *SimpleCoopFeeEstimator) EstimateFee(chanType channeldb.ChannelType,

        localTxOut, remoteTxOut *wire.TxOut,

// NewChanCloser creates a new instance of the channel closure given the passed

// configuration, and delivery+fee preference. The final argument should only

// be populated iff, we're the initiator of this closing request.

func NewChanCloser(cfg ChanCloseCfg, deliveryScript DeliveryAddrWithKey,

        idealFeePerKw chainfee.SatPerKWeight, negotiationHeight uint32,

        closeReq *htlcswitch.ChanClose,

// initFeeBaseline computes our ideal fee rate, and also the largest fee we'll

// accept given information about the delivery script of the remote party.

        // Given the target fee-per-kw, we'll compute what our ideal _total_

        // fee will be starting at for this fee negotiation.

        // TODO(ziggie): Make sure the ideal fee is not higher than the max fee.

        // Either error out or cap the ideal fee at the max fee.

}

// initChanShutdown begins the shutdown process by un-registering the channel,

// and creating a valid shutdown message to our target delivery address.

        })

        // If this is a taproot channel, then we'll need to also generate a

        // nonce that'll be used sign the co-op close transaction offer.

        }

        // Before closing, we'll attempt to send a disable update for the

        // channel.  We do so before closing the channel as otherwise the

        // current edge policy won't be retrievable from the graph.

        // We'll track our local close output, even if it's dust in BTC terms,

        // it might still carry value in custom channel terms.

}

// ShutdownChan is the first method that's to be called by the initiator of the

// cooperative channel closure. This message returns the shutdown message to

// send to the remote party. Upon completion, we enter the

// closeShutdownInitiated phase as we await a response.

        // With the opening steps complete, we'll transition into the

        // closeShutdownInitiated state. In this state, we'll wait until the

        // other party sends their version of the shutdown message.

}

// ClosingTx returns the fully signed, final closing transaction.

//

// NOTE: This transaction is only available if the state machine is in the

// closeFinished state.

}

// CloseRequest returns the original close request that prompted the creation

// of the state machine.

//

// NOTE: This will only return a non-nil pointer if we were the initiator of

// the cooperative closure workflow.

// Channel returns the channel stored in the config as a

// *lnwallet.LightningChannel.

//

// NOTE: This method will PANIC if the underlying channel implementation isn't

// the desired type.

// NegotiationHeight returns the negotiation height.

// LocalCloseOutput returns the local close output.

// RemoteCloseOutput returns the remote close output.

// AuxOutputs returns optional extra outputs.

// validateShutdownScript attempts to match and validate the script provided in

// our peer's shutdown message with the upfront shutdown script we have on

// record. For any script specified, we also make sure it matches our

// requirements. If no upfront shutdown script was set, we do not need to

// enforce option upfront shutdown, so the function returns early. If an

// upfront script is set, we check whether it matches the script provided by

// our peer. If they do not match, we use the disconnect function provided to

// disconnect from the peer.

func validateShutdownScript(upfrontScript, peerScript lnwire.DeliveryAddress,

        }

        }

        // If no upfront shutdown script was set, return early because we do

        // not need to enforce closure to a specific script.

        // If an upfront shutdown script was provided, disconnect from the peer, as

        // per BOLT 2, and return an error.

}

// ReceiveShutdown takes a raw Shutdown message and uses it to try and advance

// the ChanCloser state machine, failing if it is coming in at an invalid time.

// If appropriate, it will also generate a Shutdown message of its own to send

// out to the peer. It is possible for this method to return None when no error

// occurred.

func (c *ChanCloser) ReceiveShutdown(msg lnwire.Shutdown) (

        // If we're in the close idle state, and we're receiving a channel

        // closure related message, then this indicates that we're on the

        // receiving side of an initiated channel closure.

                }

                // If the remote node opened the channel with option upfront

                // shutdown script, check that the script they provided matches.

                // Once we have checked that the other party has not violated

                // option upfront shutdown we set their preference for delivery

                // address. We'll use this when we craft the closure

                // transaction.

                // If this is a taproot channel, then we'll want to stash the

                // remote nonces so we can properly create a new musig

                // session for signing.

                }

                // Now that we know this is a valid shutdown message and

                // address, we'll record their preferred delivery closing

                // script.

                }

        }

}

// BeginNegotiation should be called when we have definitively reached a clean

// channel state and are ready to cooperatively arrive at a closing transaction.

// If it is our responsibility to kick off the negotiation, this method will

// generate a ClosingSigned message. If it is the remote's responsibility, then

// it will not. In either case it will transition the ChanCloser state machine

// to the negotiation phase wherein ClosingSigned messages are exchanged until

// a mutually agreeable result is achieved.

func (c *ChanCloser) BeginNegotiation() (fn.Option[lnwire.ClosingSigned],

                // At this point, we can now start the fee negotiation state, by

                // constructing and sending our initial signature for what we

                // think the closing transaction should look like.

                        )

                }

                // We'll craft our initial close proposal in order to keep the

                // negotiation moving, but only if we're the initiator.

        }

}

// ReceiveClosingSigned is a method that should be called whenever we receive a

// ClosingSigned message from the wire. It may or may not return a

// ClosingSigned of our own to send back to the remote.

func (c *ChanCloser) ReceiveClosingSigned( //nolint:funlen

                // For taproot channels, since nonces are involved, we can't do

                // the existing co-op close negotiation process without going

                // to a fully round based model. Rather than do this, we'll

                // just accept the very first offer by the initiator.

                // Otherwise, if we are the initiator, and we just sent a

                // signature for a taproot channel, then we'll ensure that the

                // fee rate matches up exactly.

                // If we're the initiator of the taproot channel, and we had

                // our fee echo'd back, then it's all good, and we can proceed

                // with final broadcast.

                // Otherwise, if this is a normal segwit v0 channel, and the

                // fee doesn't match our offer, then we'll try to "negotiate" a

                // new fee.

                        // With our new fee proposal calculated, we'll craft a

                        // new close signed signature to send to the other

                        // party so we can continue the fee negotiation

                        // process.

                        // If the compromise fee doesn't match what the peer

                        // proposed, then we'll return this latest close signed

                        // message so we can continue negotiation.

                }

                }

                // Before we complete the cooperative close, we'll see if we

                // have any extra aux options.