f - check that splice-out outputs can be paid for by channel balance

Author: jkczyz

lightning/src/ln/channel.rs

@@ -26,7 +26,7 @@ use bitcoin::secp256k1::{ecdsa::Signature, Secp256k1};
 use bitcoin::secp256k1::{PublicKey, SecretKey};
 use bitcoin::{secp256k1, sighash};
 #[cfg(splicing)]
-use bitcoin::{Sequence, TxIn};
+use bitcoin::{FeeRate, Sequence, TxIn};
 
 use crate::chain::chaininterface::{
 	fee_for_weight, ConfirmationTarget, FeeEstimator, LowerBoundedFeeEstimator,
@@ -5878,6 +5878,40 @@ fn get_v2_channel_reserve_satoshis(channel_value_satoshis: u64, dust_limit_satos
 	cmp::min(channel_value_satoshis, cmp::max(q, dust_limit_satoshis))
 }
 
+#[cfg(splicing)]
+fn check_splice_contribution_sufficient(
+	channel_balance: Amount, contribution: &SpliceContribution, is_initiator: bool,
+	funding_feerate: FeeRate,
+) -> Result<Amount, ChannelError> {
+	let contribution_amount = contribution.value();
+	if contribution_amount < SignedAmount::ZERO {
+		let estimated_fee = Amount::from_sat(estimate_v2_funding_transaction_fee(
+			is_initiator,
+			1, // spends the previous funding output
+			Weight::from_wu(FUNDING_TRANSACTION_WITNESS_WEIGHT),
+			funding_feerate.to_sat_per_kwu() as u32,
+		));
+
+		if channel_balance > contribution_amount.unsigned_abs() + estimated_fee {
+			Ok(estimated_fee)
+		} else {
+			Err(ChannelError::Warn(format!(
+				"Available channel balance {} is lower than needed for splicing out {}, considering fees of {}",
+				channel_balance, contribution_amount.unsigned_abs(), estimated_fee,
+			)))
+		}
+	} else {
+		check_v2_funding_inputs_sufficient(
+			contribution_amount.to_sat(),
+			contribution.inputs(),
+			is_initiator,
+			true,
+			funding_feerate.to_sat_per_kwu() as u32,
+		)
+		.map(Amount::from_sat)
+	}
+}
+
 /// Estimate our part of the fee of the new funding transaction.
 /// input_count: Number of contributed inputs.
 /// witness_weight: The witness weight for contributed inputs.
@@ -10671,42 +10705,48 @@ where
 			});
 		}
 
-		if our_funding_contribution < SignedAmount::ZERO {
-			// TODO(splicing): Check that channel balance does not go below the channel reserve
-			let post_channel_value = AddSigned::checked_add_signed(
-				self.funding.get_value_to_self_msat() / 1000,
-				our_funding_contribution.to_sat(),
-			);
-			// FIXME: Check that we can pay for the outputs from the channel value?
-			if post_channel_value.is_none() {
-				return Err(APIError::APIMisuseError {
-					err: format!(
-						"Channel {} cannot be spliced out; contribution exceeds the channel value: {}",
-						self.context.channel_id(),
-						our_funding_contribution,
-					),
-				});
-			}
-		} else {
-			// Note: post-splice channel value is not yet known at this point, counterparty contribution is not known
-			// (Cannot test for miminum required post-splice channel value)
+		// Note: post-splice channel value is not yet known at this point, counterparty contribution is not known
+		// (Cannot test for miminum required post-splice channel value)
 
-			// Check that inputs are sufficient to cover our contribution.
-			let _fee = check_v2_funding_inputs_sufficient(
-				our_funding_contribution.to_sat(),
-				contribution.inputs(),
-				true,
-				true,
-				funding_feerate_per_kw,
-			)
-			.map_err(|err| APIError::APIMisuseError {
+		let channel_balance = Amount::from_sat(self.funding.get_value_to_self_msat() / 1000);
+		let fees = check_splice_contribution_sufficient(
+			channel_balance,
+			&contribution,
+			true, // is_initiator
+			FeeRate::from_sat_per_kwu(funding_feerate_per_kw as u64),
+		)
+		.map_err(|e| {
+			let splice_type = if our_funding_contribution < SignedAmount::ZERO {
+				"spliced out"
+			} else {
+				"spliced in"
+			};
+			APIError::APIMisuseError {
 				err: format!(
-					"Insufficient inputs for splicing; channel ID {}, err {}",
+					"Channel {} cannot be {}; {}",
 					self.context.channel_id(),
-					err,
+					splice_type,
+					e,
 				),
-			})?;
-		}
+			}
+		})?;
+
+		// Fees for splice-out are paid from the channel balance whereas fees for splice-in are paid
+		// by the funding inputs.
+		let adjusted_funding_contribution = if our_funding_contribution < SignedAmount::ZERO {
+			let adjusted_funding_contribution = our_funding_contribution
+				+ fees.to_signed().expect("fees should never exceed splice-out value");
+
+			// TODO(splicing): Check that channel balance does not go below the channel reserve
+			let _post_channel_balance = AddSigned::checked_add_signed(
+				channel_balance.to_sat(),
+				adjusted_funding_contribution.to_sat(),
+			);
+
+			adjusted_funding_contribution
+		} else {
+			our_funding_contribution
+		};
 
 		for FundingTxInput { txin, prevtx, .. } in contribution.inputs().iter() {
 			const MESSAGE_TEMPLATE: msgs::TxAddInput = msgs::TxAddInput {
@@ -10732,7 +10772,7 @@ where
 		let (our_funding_inputs, our_funding_outputs, change_script) = contribution.into_tx_parts();
 		let funding_negotiation_context = FundingNegotiationContext {
 			is_initiator: true,
-			our_funding_contribution,
+			our_funding_contribution: adjusted_funding_contribution,
 			funding_tx_locktime: LockTime::from_consensus(locktime),
 			funding_feerate_sat_per_1000_weight: funding_feerate_per_kw,
 			shared_funding_input: Some(prev_funding_input),

lightning/src/ln/splicing_tests.rs

@@ -319,7 +319,7 @@ fn test_v1_splice_in_negative_insufficient_inputs() {
 	);
 	match res {
 		Err(APIError::APIMisuseError { err }) => {
-			assert!(err.contains("Insufficient inputs for splicing"))
+			assert!(err.contains("Need more inputs"))
 		},
 		_ => panic!("Wrong error {:?}", res.err().unwrap()),
 	}