Support client_trusts_lsp=true on ldk-node #572
Conversation
|
👋 Thanks for assigning @tnull as a reviewer! |
|
🔔 1st Reminder Hey @tnull! This PR has been waiting for your review. |
src/event.rs
Outdated
| "Failed to process funding transaction: {:?}", | ||
| err | ||
| self.liquidity_source.as_ref().map(|ls| { | ||
| ls.lsps2_store_funding_transaction( |
There was a problem hiding this comment.
Would we always need to store the funding transaction, even if we're not doing the full flow?
There was a problem hiding this comment.
I moved it to inside the if statement, so it will store it only if needs_manual_broadcast is true 👍
src/event.rs
Outdated
| return Err(ReplayEvent()); | ||
| }, | ||
| }; | ||
| self.payment_store.update(&update).map_err(|e| { |
There was a problem hiding this comment.
There are a lot of unrelated changes happening in this commit. a) not sure if I agree that they are worth doing at all but b) always try to keep such changes in separate commits please.
There was a problem hiding this comment.
Sorry about that, I made a rebase and a cleanup. now this commit 53a8174 will have the minimal changes to make the client_trusts_lsp flow work
There was a problem hiding this comment.
There are a lot of unrelated changes happening in this commit.
This was a refactor on the PaymentClaimable event to make the manual claim work on my tests.
That part is removed after the rebase, so we should be good now
martinsaposnic
force-pushed
the
client-trusts-lsp
branch
from
480a3ce to
53a8174
Compare
|
🔔 1st Reminder Hey @tnull! This PR has been waiting for your review. |
|
🔔 2nd Reminder Hey @tnull! This PR has been waiting for your review. |
|
🔔 3rd Reminder Hey @tnull! This PR has been waiting for your review. |
|
🔔 4th Reminder Hey @tnull! This PR has been waiting for your review. |
|
cc @johncantrell97 as he previously looked into this and might be interested in reviewing/and or might have additional thoughts. |
There was a problem hiding this comment.
I have partially reviewed 53a81743 (pending tests) and found it helpful in clarifying my understanding of LSPs. I have some initial comments/questions regarding the following:
client_trusts_lsp configuration
client_trusts_lspis configured statically but I have assumed that based on blip52, this could (should?) be dynamically configured without restarting the node when it detects an attack.- Given the current implementation, what happens to in-flight outbound JIT channels (whose clients are awaiting funding transactions to be broadcast) during a trust mode transition, i.e.
lsp_trusts_clienttoclient_trusts_lsp?
error silencing
I don't fully understand why possible APIMisuseError relating to channel_needs_manual_broadcast is silenced/ignored with unwrap_or(false). Should we proceed with funding if we can't, for example, associate a channel with the user_channel_id?
| /// The maximum payment size that we will accept when opening a channel. | ||
| pub max_payment_size_msat: u64, | ||
| /// Use the client trusts lsp model | ||
| pub client_trusts_lsp: bool, |
There was a problem hiding this comment.
I'm trying to understand the client_trusts_lsp configuration here. According to bLIP-52, I expect the LSP to dynamically switch from lsp_trusts_client to client_trusts_lsp mode upon detecting an attack, without requiring a restart.
However, this configuration appears to be static and set at node startup. If that's the case, what happens when:
- A node initially running in
lsp_trusts_clientmode detects an attack - The node restarts with
client_trusts_lsp:trueto switch modes - There's an existing outbound JIT channel where the client expects the LSP to broadcast the funding transaction before sending the preimage to claim.
What are the potential consequences for that in-flight JIT channel during the mode transition?
There was a problem hiding this comment.
just pushed a fixup that makes the flag dynamic
There's an existing outbound JIT channel where the client expects the LSP to broadcast the funding transaction before sending the preimage to claim.
I just posted a question about this https://discord.com/channels/915026692102316113/994015949176963183/1397280758196080660
my current interpretation about this is that once lsps2.buy succeeds, that flag is part of the contract for this flow. the LSP can always abort and make you start over, but it cannot change the trust model mid negotiation
we will see what they respond on discord
There was a problem hiding this comment.
my current interpretation about this is that once lsps2.buy succeeds, that flag is part of the contract for this flow. the LSP can always abort and make you start over, but it cannot change the trust model mid negotiation
I created a test that shows how this works (test lsps2_in_flight_under_attack_switch)
There was a problem hiding this comment.
my current interpretation about this is that once lsps2.buy succeeds, that flag is part of the contract for this flow. the LSP can always abort and make you start over, but it cannot change the trust model mid negotiation
Yes, as also noted on Discord, I agree with that interpretation and even think that for now we can leave the flag to be statically determined at startup.
src/liquidity.rs
Outdated
| if let Some(handler) = lsps2_service_handler { | ||
| handler | ||
| .channel_needs_manual_broadcast(user_channel_id, &counterparty_node_id) | ||
| .unwrap_or(false) |
There was a problem hiding this comment.
Unsure about unwrap_or here. I think we should log the error and be concerned about its cause if channel_needs_manual_broadcast returns an APIError::APIMisuseError? Say we couldn't find a channel mapped to the provided user_channel_id, should we still go on to call channel_manager.funding_transaction_generated for a non-existent channel when handling FundingGenerationReady? I am confused about this.
There was a problem hiding this comment.
this is also fixed in commit 2cc5267
thank you for the review!
martinsaposnic
force-pushed
the
client-trusts-lsp
branch
from
2cc5267 to
c9d0c96
Compare
martinsaposnic
changed the title
martinsaposnic
force-pushed
the
client-trusts-lsp
branch
from
9f24d6d to
784e976
Compare
implement changes introduced on lightningdevkit/rust-lightning#3838 as discussed, client_trusts_lsp is a flag set at startup. a new function receive_via_jit_channel_manual_claim is introduced to bolt11 so we allow the client to manually claim a payment (used on tests).
martinsaposnic
force-pushed
the
client-trusts-lsp
branch
from
784e976 to
5b51f92
Compare
martinsaposnic
force-pushed
the
client-trusts-lsp
branch
from
85e8b38 to
4a5d916
Compare
martinsaposnic
force-pushed
the
client-trusts-lsp
branch
from
4a5d916 to
beacfe7
Compare
|
🔔 1st Reminder Hey @tnull! This PR has been waiting for your review. |
|
🔔 2nd Reminder Hey @tnull! This PR has been waiting for your review. |
|
🔔 3rd Reminder Hey @tnull! This PR has been waiting for your review. |
|
🔔 4th Reminder Hey @tnull! This PR has been waiting for your review. |
implement changes introduced on lightningdevkit/rust-lightning#3838 for rust-lightning.
as discussed, client_trusts_lsp is a flag set at startup.
a new function receive_via_jit_channel_manual_claim is introduced to bolt11 so we allow the client to
manually claim a payment (used on tests).