[wip] Put a 10_000vByte cap on HolderHTLCOutput 0FC package templates

Otherwise, we could potentially hit the max 10_000vB size limit on V3
transactions (BIP 431 rule 4) if we aggregate enough HTLC-claims
together.

Author: tankyleo

lightning/src/chain/channelmonitor.rs

@@ -3816,13 +3816,14 @@ impl<Signer: EcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 
 		// If the channel is force closed, try to claim the output from this preimage.
 		// First check if a counterparty commitment transaction has been broadcasted:
+		let is_0fc_channel = self.channel_type_features().supports_anchor_zero_fee_commitments();
 		macro_rules! claim_htlcs {
 			($commitment_number: expr, $txid: expr, $htlcs: expr) => {
 				let (htlc_claim_reqs, _) = self.get_counterparty_output_claim_info(funding_spent, $commitment_number, $txid, None, $htlcs, confirmed_spend_height);
 				let conf_target = self.closure_conf_target();
 				self.onchain_tx_handler.update_claims_view_from_requests(
 					htlc_claim_reqs, self.best_block.height, self.best_block.height, broadcaster,
-					conf_target, &self.destination_script, fee_estimator, logger,
+					conf_target, &self.destination_script, fee_estimator, is_0fc_channel, logger,
 				);
 			}
 		}
@@ -3874,9 +3875,10 @@ impl<Signer: EcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 					funding_spent, holder_commitment_tx, self.best_block.height,
 				);
 				let conf_target = self.closure_conf_target();
+				let is_0fc_channel = self.channel_type_features().supports_anchor_zero_fee_commitments();
 				self.onchain_tx_handler.update_claims_view_from_requests(
 					claim_reqs, self.best_block.height, self.best_block.height, broadcaster,
-					conf_target, &self.destination_script, fee_estimator, logger,
+					conf_target, &self.destination_script, fee_estimator, is_0fc_channel, logger,
 				);
 			}
 		}
@@ -3955,9 +3957,10 @@ impl<Signer: EcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 		};
 		let (claimable_outpoints, _) = self.generate_claimable_outpoints_and_watch_outputs(Some(reason));
 		let conf_target = self.closure_conf_target();
+		let is_0fc_channel = self.channel_type_features().supports_anchor_zero_fee_commitments();
 		self.onchain_tx_handler.update_claims_view_from_requests(
 			claimable_outpoints, self.best_block.height, self.best_block.height, broadcaster,
-			conf_target, &self.destination_script, fee_estimator, logger,
+			conf_target, &self.destination_script, fee_estimator, is_0fc_channel, logger,
 		);
 	}
 
@@ -5196,8 +5199,9 @@ impl<Signer: EcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 			log_trace!(logger, "Best block re-orged, replaced with new block {} at height {}", block_hash, height);
 			self.onchain_events_awaiting_threshold_conf.retain(|ref entry| entry.height <= height);
 			let conf_target = self.closure_conf_target();
+			let is_0fc_channel = self.channel_type_features().supports_anchor_zero_fee_commitments();
 			self.onchain_tx_handler.blocks_disconnected(
-				height, &broadcaster, conf_target, &self.destination_script, fee_estimator, logger,
+				height, &broadcaster, conf_target, &self.destination_script, fee_estimator, is_0fc_channel, logger,
 			);
 			Vec::new()
 		} else { Vec::new() }
@@ -5659,9 +5663,10 @@ impl<Signer: EcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 		}
 
 		let conf_target = self.closure_conf_target();
+		let is_0fc_channel = self.channel_type_features().supports_anchor_zero_fee_commitments();
 		self.onchain_tx_handler.update_claims_view_from_requests(
 			claimable_outpoints, conf_height, self.best_block.height, broadcaster, conf_target,
-			&self.destination_script, fee_estimator, logger,
+			&self.destination_script, fee_estimator, is_0fc_channel, logger,
 		);
 		self.onchain_tx_handler.update_claims_view_from_matched_txn(
 			&txn_matched, conf_height, conf_hash, self.best_block.height, broadcaster, conf_target,
@@ -5727,8 +5732,9 @@ impl<Signer: EcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 
 		let bounded_fee_estimator = LowerBoundedFeeEstimator::new(fee_estimator);
 		let conf_target = self.closure_conf_target();
+		let is_0fc_channel = self.channel_type_features().supports_anchor_zero_fee_commitments();
 		self.onchain_tx_handler.blocks_disconnected(
-			new_height, &broadcaster, conf_target, &self.destination_script, &bounded_fee_estimator, logger
+			new_height, &broadcaster, conf_target, &self.destination_script, &bounded_fee_estimator, is_0fc_channel, logger
 		);
 
 		// Only attempt to broadcast the new commitment after the `block_disconnected` call above so that
@@ -5788,8 +5794,9 @@ impl<Signer: EcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 		}
 
 		let conf_target = self.closure_conf_target();
+		let is_0fc_channel = self.channel_type_features().supports_anchor_zero_fee_commitments();
 		self.onchain_tx_handler.transaction_unconfirmed(
-			txid, &broadcaster, conf_target, &self.destination_script, fee_estimator, logger
+			txid, &broadcaster, conf_target, &self.destination_script, fee_estimator, is_0fc_channel, logger
 		);
 
 		// Only attempt to broadcast the new commitment after the `transaction_unconfirmed` call above so

lightning/src/chain/onchaintx.rs

@@ -765,7 +765,7 @@ impl<ChannelSigner: EcdsaChannelSigner> OnchainTxHandler<ChannelSigner> {
 	pub(super) fn update_claims_view_from_requests<B: Deref, F: Deref, L: Logger>(
 		&mut self, mut requests: Vec<PackageTemplate>, conf_height: u32, cur_height: u32,
 		broadcaster: &B, conf_target: ConfirmationTarget, destination_script: &Script,
-		fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
+		fee_estimator: &LowerBoundedFeeEstimator<F>, is_0fc_channel: bool, logger: &L
 	) where
 		B::Target: BroadcasterInterface,
 		F::Target: FeeEstimator,
@@ -807,9 +807,9 @@ impl<ChannelSigner: EcdsaChannelSigner> OnchainTxHandler<ChannelSigner> {
 		// Then try to maximally aggregate `requests`.
 		for i in (1..requests.len()).rev() {
 			for j in 0..i {
-				if requests[i].can_merge_with(&requests[j], cur_height) {
+				if requests[i].can_merge_with(&requests[j], cur_height, is_0fc_channel) {
 					let merge = requests.remove(i);
-					if let Err(rejected) = requests[j].merge_package(merge, cur_height) {
+					if let Err(rejected) = requests[j].merge_package(merge, cur_height, is_0fc_channel) {
 						debug_assert!(false, "Merging package should not be rejected after verifying can_merge_with.");
 						requests.insert(i, rejected);
 					} else {
@@ -1123,6 +1123,7 @@ impl<ChannelSigner: EcdsaChannelSigner> OnchainTxHandler<ChannelSigner> {
 		conf_target: ConfirmationTarget,
 		destination_script: &Script,
 		fee_estimator: &LowerBoundedFeeEstimator<F>,
+		is_0fc_channel: bool,
 		logger: &L,
 	) where
 		B::Target: BroadcasterInterface,
@@ -1138,15 +1139,15 @@ impl<ChannelSigner: EcdsaChannelSigner> OnchainTxHandler<ChannelSigner> {
 
 		if let Some(height) = height {
 			self.blocks_disconnected(
-				height - 1, broadcaster, conf_target, destination_script, fee_estimator, logger,
+				height - 1, broadcaster, conf_target, destination_script, fee_estimator, is_0fc_channel, logger,
 			);
 		}
 	}
 
 	#[rustfmt::skip]
 	pub(super) fn blocks_disconnected<B: Deref, F: Deref, L: Logger>(
 		&mut self, new_best_height: u32, broadcaster: &B, conf_target: ConfirmationTarget,
-		destination_script: &Script, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L,
+		destination_script: &Script, fee_estimator: &LowerBoundedFeeEstimator<F>, is_0fc_channel: bool, logger: &L,
 	)
 		where B::Target: BroadcasterInterface,
 			F::Target: FeeEstimator,
@@ -1169,7 +1170,8 @@ impl<ChannelSigner: EcdsaChannelSigner> OnchainTxHandler<ChannelSigner> {
 
 						if let Some(pending_claim) = self.claimable_outpoints.get(package.outpoints()[0]) {
 							if let Some(request) = self.pending_claim_requests.get_mut(&pending_claim.0) {
-								assert!(request.merge_package(package, new_best_height + 1).is_ok());
+								// TODO: double check this assert holds here for V3 HTLC transactions
+								assert!(request.merge_package(package, new_best_height + 1, is_0fc_channel).is_ok());
 								// Using a HashMap guarantee us than if we have multiple outpoints getting
 								// resurrected only one bump claim tx is going to be broadcast
 								bump_candidates.insert(pending_claim.clone(), request.clone());
@@ -1426,6 +1428,7 @@ mod tests {
 			ConfirmationTarget::UrgentOnChainSweep,
 			&destination_script,
 			&fee_estimator,
+			false,
 			&logger,
 		);
 
@@ -1450,6 +1453,7 @@ mod tests {
 			ConfirmationTarget::UrgentOnChainSweep,
 			&destination_script,
 			&fee_estimator,
+			false,
 			&logger,
 		);
 

lightning/src/chain/package.rs

@@ -1183,8 +1183,11 @@ impl PartialEq for PackageTemplate {
 }
 
 impl PackageTemplate {
+	fn weight(&self) -> u64 {
+		self.inputs.iter().map(|(_, solving_data)| solving_data.weight()).sum::<usize>() as u64
+	}
 	#[rustfmt::skip]
-	pub(crate) fn can_merge_with(&self, other: &PackageTemplate, cur_height: u32) -> bool {
+	pub(crate) fn can_merge_with(&self, other: &PackageTemplate, cur_height: u32, is_0fc_channel: bool) -> bool {
 		match (self.malleability, other.malleability) {
 			(PackageMalleability::Untractable, _) => false,
 			(_, PackageMalleability::Untractable) => false,
@@ -1235,16 +1238,30 @@ impl PackageTemplate {
 					self.counterparty_spendable_height <= cur_height + COUNTERPARTY_CLAIMABLE_WITHIN_BLOCKS_PINNABLE;
 				let other_pinnable = other_cluster == AggregationCluster::Pinnable ||
 					other.counterparty_spendable_height <= cur_height + COUNTERPARTY_CLAIMABLE_WITHIN_BLOCKS_PINNABLE;
-				if self_pinnable && other_pinnable {
-					return true;
-				}
 
 				let self_unpinnable = self_cluster == AggregationCluster::Unpinnable &&
 					self.counterparty_spendable_height > cur_height + COUNTERPARTY_CLAIMABLE_WITHIN_BLOCKS_PINNABLE;
 				let other_unpinnable = other_cluster == AggregationCluster::Unpinnable &&
 					other.counterparty_spendable_height > cur_height + COUNTERPARTY_CLAIMABLE_WITHIN_BLOCKS_PINNABLE;
-				if self_unpinnable && other_unpinnable {
-					return true;
+
+				if self_pinnable && other_pinnable || self_unpinnable && other_unpinnable {
+					if is_0fc_channel && self.inputs.iter().any(|(_, solving_data)| matches!(solving_data, PackageSolvingData::HolderHTLCOutput(_))) {
+						// MUST be true, otherwise we are aggregating V2 tx claims with V3 tx claims
+						debug_assert!(self.inputs.iter().all(|(_, solving_data)| matches!(solving_data, PackageSolvingData::HolderHTLCOutput(_) )));
+						debug_assert!(other.inputs.iter().all(|(_, solving_data)| matches!(solving_data, PackageSolvingData::HolderHTLCOutput(_) )));
+						// See rust-bitcoin to_vbytes_ceil
+						let self_vbytes = (self.weight() + 3) / 4; // This is the weight of the witnesses alone, we need to add more here
+						let other_vbytes = (other.weight() + 3) / 4;
+						// What is a good offset to use here to leave room for the user-provided input-output pair?
+						// How much validation to do at coin-selection time in bump_transaction mod ?
+						// Just warn users in the docs not to use some really heavy witnesses to fee-bump their transactions?
+						// A 1-input-1-output p2wpkh-input p2wpkh-input transaction is 109.25vB.
+						if self_vbytes + other_vbytes < 10_000 - 200 {
+							return true;
+						}
+					} else {
+						return true;
+					}
 				}
 				false
 			},
@@ -1310,9 +1327,9 @@ impl PackageTemplate {
 		}
 	}
 	pub(crate) fn merge_package(
-		&mut self, mut merge_from: PackageTemplate, cur_height: u32,
+		&mut self, mut merge_from: PackageTemplate, cur_height: u32, is_0fc_channel: bool,
 	) -> Result<(), PackageTemplate> {
-		if !self.can_merge_with(&merge_from, cur_height) {
+		if !self.can_merge_with(&merge_from, cur_height, is_0fc_channel) {
 			return Err(merge_from);
 		}
 		for (k, v) in merge_from.inputs.drain(..) {
@@ -1985,11 +2002,11 @@ mod tests {
 		let mut untractable_package = PackageTemplate::build_package(fake_txid(1), 0, funding_outp.clone(), 0);
 		let mut malleable_package = PackageTemplate::build_package(fake_txid(2), 0, htlc_outp.clone(), 1100);
 
-		assert!(!untractable_package.can_merge_with(&malleable_package, 1000));
-		assert!(untractable_package.merge_package(malleable_package.clone(), 1000).is_err());
+		assert!(!untractable_package.can_merge_with(&malleable_package, 1000, false));
+		assert!(untractable_package.merge_package(malleable_package.clone(), 1000, false).is_err());
 
-		assert!(!malleable_package.can_merge_with(&untractable_package, 1000));
-		assert!(malleable_package.merge_package(untractable_package.clone(), 1000).is_err());
+		assert!(!malleable_package.can_merge_with(&untractable_package, 1000, false));
+		assert!(malleable_package.merge_package(untractable_package.clone(), 1000, false).is_err());
 	}
 
 	#[test]
@@ -2000,8 +2017,8 @@ mod tests {
 		let mut empty_package = PackageTemplate::build_package(fake_txid(1), 0, revk_outp.clone(), 0);
 		empty_package.inputs = vec![];
 		let mut package = PackageTemplate::build_package(fake_txid(1), 1, revk_outp.clone(), 1100);
-		assert!(empty_package.merge_package(package.clone(), 1000).is_err());
-		assert!(package.merge_package(empty_package.clone(), 1000).is_err());
+		assert!(empty_package.merge_package(package.clone(), 1000, false).is_err());
+		assert!(package.merge_package(empty_package.clone(), 1000, false).is_err());
 	}
 
 	#[test]
@@ -2017,15 +2034,15 @@ mod tests {
 		let mut offered_htlc_2_package = PackageTemplate::build_package(fake_txid(1), 1, offered_htlc_2.clone(), 0);
 		let mut accepted_htlc_package = PackageTemplate::build_package(fake_txid(1), 2, accepted_htlc.clone(), 1001);
 
-		assert!(!offered_htlc_2_package.can_merge_with(&offered_htlc_1_package, 1000));
-		assert!(offered_htlc_2_package.merge_package(offered_htlc_1_package.clone(), 1000).is_err());
-		assert!(!offered_htlc_1_package.can_merge_with(&offered_htlc_2_package, 1000));
-		assert!(offered_htlc_1_package.merge_package(offered_htlc_2_package.clone(), 1000).is_err());
+		assert!(!offered_htlc_2_package.can_merge_with(&offered_htlc_1_package, 1000, false));
+		assert!(offered_htlc_2_package.merge_package(offered_htlc_1_package.clone(), 1000, false).is_err());
+		assert!(!offered_htlc_1_package.can_merge_with(&offered_htlc_2_package, 1000, false));
+		assert!(offered_htlc_1_package.merge_package(offered_htlc_2_package.clone(), 1000, false).is_err());
 
-		assert!(!accepted_htlc_package.can_merge_with(&offered_htlc_1_package, 1000));
-		assert!(accepted_htlc_package.merge_package(offered_htlc_1_package.clone(), 1000).is_err());
-		assert!(!offered_htlc_1_package.can_merge_with(&accepted_htlc_package, 1000));
-		assert!(offered_htlc_1_package.merge_package(accepted_htlc_package.clone(), 1000).is_err());
+		assert!(!accepted_htlc_package.can_merge_with(&offered_htlc_1_package, 1000, false));
+		assert!(accepted_htlc_package.merge_package(offered_htlc_1_package.clone(), 1000, false).is_err());
+		assert!(!offered_htlc_1_package.can_merge_with(&accepted_htlc_package, 1000, false));
+		assert!(offered_htlc_1_package.merge_package(accepted_htlc_package.clone(), 1000, false).is_err());
 	}
 
 	#[test]
@@ -2043,15 +2060,15 @@ mod tests {
 		let future_outp_1_package = PackageTemplate::build_package(fake_txid(1), 2, future_outp_1.clone(), 0);
 		let future_outp_2_package = PackageTemplate::build_package(fake_txid(1), 3, future_outp_2.clone(), 0);
 
-		assert!(old_outp_1_package.can_merge_with(&old_outp_2_package, 1000));
-		assert!(old_outp_2_package.can_merge_with(&old_outp_1_package, 1000));
-		assert!(old_outp_1_package.clone().merge_package(old_outp_2_package.clone(), 1000).is_ok());
-		assert!(old_outp_2_package.clone().merge_package(old_outp_1_package.clone(), 1000).is_ok());
+		assert!(old_outp_1_package.can_merge_with(&old_outp_2_package, 1000, false));
+		assert!(old_outp_2_package.can_merge_with(&old_outp_1_package, 1000, false));
+		assert!(old_outp_1_package.clone().merge_package(old_outp_2_package.clone(), 1000, false).is_ok());
+		assert!(old_outp_2_package.clone().merge_package(old_outp_1_package.clone(), 1000, false).is_ok());
 
-		assert!(!future_outp_1_package.can_merge_with(&future_outp_2_package, 1000));
-		assert!(!future_outp_2_package.can_merge_with(&future_outp_1_package, 1000));
-		assert!(future_outp_1_package.clone().merge_package(future_outp_2_package.clone(), 1000).is_err());
-		assert!(future_outp_2_package.clone().merge_package(future_outp_1_package.clone(), 1000).is_err());
+		assert!(!future_outp_1_package.can_merge_with(&future_outp_2_package, 1000, false));
+		assert!(!future_outp_2_package.can_merge_with(&future_outp_1_package, 1000, false));
+		assert!(future_outp_1_package.clone().merge_package(future_outp_2_package.clone(), 1000, false).is_err());
+		assert!(future_outp_2_package.clone().merge_package(future_outp_1_package.clone(), 1000, false).is_err());
 	}
 
 	#[test]
@@ -2087,10 +2104,10 @@ mod tests {
 				for i in 0..clusters[a].len() {
 					for j in 0..clusters[b].len() {
 						if a != b {
-							assert!(!clusters[a][i].can_merge_with(clusters[b][j], 1000));
+							assert!(!clusters[a][i].can_merge_with(clusters[b][j], 1000, false));
 						} else {
 							if i != j {
-								assert!(clusters[a][i].can_merge_with(clusters[b][j], 1000));
+								assert!(clusters[a][i].can_merge_with(clusters[b][j], 1000, false));
 							}
 						}
 					}
@@ -2104,9 +2121,9 @@ mod tests {
 		];
 		for i in (1..packages.len()).rev() {
 			for j in 0..i {
-				if packages[i].can_merge_with(&packages[j], 1000) {
+				if packages[i].can_merge_with(&packages[j], 1000, false) {
 					let merge = packages.remove(i);
-					assert!(packages[j].merge_package(merge, 1000).is_ok());
+					assert!(packages[j].merge_package(merge, 1000, false).is_ok());
 				}
 			}
 		}
@@ -2122,8 +2139,8 @@ mod tests {
 		let counterparty_received_htlc = dumb_counterparty_received_output!(1_000_000, 900, ChannelTypeFeatures::only_static_remote_key());
 		let counterparty_received_htlc_package = PackageTemplate::build_package(fake_txid(2), 0, counterparty_received_htlc.clone(), 0);
 
-		assert!(!offered_htlc_package.can_merge_with(&counterparty_received_htlc_package, 1000));
-		assert!(offered_htlc_package.merge_package(counterparty_received_htlc_package.clone(), 1000).is_err());
+		assert!(!offered_htlc_package.can_merge_with(&counterparty_received_htlc_package, 1000, false));
+		assert!(offered_htlc_package.merge_package(counterparty_received_htlc_package.clone(), 1000, false).is_err());
 	}
 
 	#[test]
@@ -2137,8 +2154,8 @@ mod tests {
 		let package_two = PackageTemplate::build_package(fake_txid(1), 1, revk_outp_two, 1100);
 		let package_three = PackageTemplate::build_package(fake_txid(1), 2, revk_outp_three, 1100);
 
-		assert!(package_one.merge_package(package_two, 1000).is_ok());
-		assert!(package_one.merge_package(package_three, 1000).is_ok());
+		assert!(package_one.merge_package(package_two, 1000, false).is_ok());
+		assert!(package_one.merge_package(package_three, 1000, false).is_ok());
 		assert_eq!(package_one.outpoints().len(), 3);
 
 		if let Some(split_package) = package_one.split_package(&BitcoinOutPoint { txid: fake_txid(1), vout: 1 }) {