Add splice-out support

jkczyz · jkczyz · commit 2b57d4c0d6e6 · 2025-08-07T16:20:12.000-05:00
Update SpliceContribution with a variant used to support splice-out
(i.e., removing funds from a channel). The TxOut values must not exceed
the users channel balance after accounting for fees and the reserve
requirement.
diff --git a/lightning/src/ln/channel.rs b/lightning/src/ln/channel.rs
@@ -5983,6 +5983,9 @@ pub(super) struct FundingNegotiationContext {
 	/// The funding inputs we will be contributing to the channel.
 	#[allow(dead_code)] // TODO(dual_funding): Remove once contribution to V2 channels is enabled.
 	pub our_funding_inputs: Vec<FundingTxInput>,
+	/// The funding outputs we will be contributing to the channel.
+	#[allow(dead_code)] // TODO(dual_funding): Remove once contribution to V2 channels is enabled.
+	pub our_funding_outputs: Vec<TxOut>,
 	/// The change output script. This will be used if needed or -- if not set -- generated using
 	/// `SignerProvider::get_destination_script`.
 	#[allow(dead_code)] // TODO(splicing): Remove once splicing is enabled.
@@ -6012,45 +6015,47 @@ impl FundingNegotiationContext {
 			debug_assert!(matches!(context.channel_state, ChannelState::NegotiatingFunding(_)));
 		}
 
-		// Add output for funding tx
 		// Note: For the error case when the inputs are insufficient, it will be handled after
 		// the `calculate_change_output_value` call below
-		let mut funding_outputs = Vec::new();
 
 		let shared_funding_output = TxOut {
 			value: Amount::from_sat(funding.get_value_satoshis()),
 			script_pubkey: funding.get_funding_redeemscript().to_p2wsh(),
 		};
 
 		// Optionally add change output
-		if self.our_funding_contribution > SignedAmount::ZERO {
-			let change_value_opt = calculate_change_output_value(
+		let change_value_opt = if self.our_funding_contribution > SignedAmount::ZERO {
+			calculate_change_output_value(
 				&self,
 				self.shared_funding_input.is_some(),
 				&shared_funding_output.script_pubkey,
-				&funding_outputs,
 				context.holder_dust_limit_satoshis,
-			)?;
-			if let Some(change_value) = change_value_opt {
-				let change_script = if let Some(script) = self.change_script {
-					script
-				} else {
-					signer_provider
-						.get_destination_script(context.channel_keys_id)
-						.map_err(|_err| AbortReason::InternalError("Error getting change script"))?
-				};
-				let mut change_output =
-					TxOut { value: Amount::from_sat(change_value), script_pubkey: change_script };
-				let change_output_weight = get_output_weight(&change_output.script_pubkey).to_wu();
-				let change_output_fee =
-					fee_for_weight(self.funding_feerate_sat_per_1000_weight, change_output_weight);
-				let change_value_decreased_with_fee =
-					change_value.saturating_sub(change_output_fee);
-				// Check dust limit again
-				if change_value_decreased_with_fee > context.holder_dust_limit_satoshis {
-					change_output.value = Amount::from_sat(change_value_decreased_with_fee);
-					funding_outputs.push(change_output);
-				}
+			)?
+		} else {
+			None
+		};
+
+		let mut funding_outputs = self.our_funding_outputs;
+
+		if let Some(change_value) = change_value_opt {
+			let change_script = if let Some(script) = self.change_script {
+				script
+			} else {
+				signer_provider
+					.get_destination_script(context.channel_keys_id)
+					.map_err(|_err| AbortReason::InternalError("Error getting change script"))?
+			};
+			let mut change_output =
+				TxOut { value: Amount::from_sat(change_value), script_pubkey: change_script };
+			let change_output_weight = get_output_weight(&change_output.script_pubkey).to_wu();
+			let change_output_fee =
+				fee_for_weight(self.funding_feerate_sat_per_1000_weight, change_output_weight);
+			let change_value_decreased_with_fee =
+				change_value.saturating_sub(change_output_fee);
+			// Check dust limit again
+			if change_value_decreased_with_fee > context.holder_dust_limit_satoshis {
+				change_output.value = Amount::from_sat(change_value_decreased_with_fee);
+				funding_outputs.push(change_output);
 			}
 		}
 
@@ -10646,43 +10651,84 @@ where
 		if our_funding_contribution > SignedAmount::MAX_MONEY {
 			return Err(APIError::APIMisuseError {
 				err: format!(
-					"Channel {} cannot be spliced; contribution exceeds total bitcoin supply: {}",
+					"Channel {} cannot be spliced in; contribution exceeds total bitcoin supply: {}",
 					self.context.channel_id(),
 					our_funding_contribution,
 				),
 			});
 		}
 
-		if our_funding_contribution < SignedAmount::ZERO {
+		if our_funding_contribution < -SignedAmount::MAX_MONEY {
 			return Err(APIError::APIMisuseError {
 				err: format!(
-				"TODO(splicing): Splice-out not supported, only splice in; channel ID {}, contribution {}",
-				self.context.channel_id(), our_funding_contribution,
-			),
+					"Channel {} cannot be spliced out; contribution exceeds total bitcoin supply: {}",
+					self.context.channel_id(),
+					our_funding_contribution,
+				),
 			});
 		}
 
-		// TODO(splicing): Once splice-out is supported, check that channel balance does not go below 0
-		// (or below channel reserve)
+		let funding_inputs = contribution.inputs();
+		let funding_outputs = contribution.outputs();
+		if !funding_inputs.is_empty() && !funding_outputs.is_empty() {
+			return Err(APIError::APIMisuseError {
+				err: format!(
+					"Channel {} cannot be both spliced in and out; operation not supported",
+					self.context.channel_id(),
+				),
+			});
+		}
+
+		if our_funding_contribution < SignedAmount::ZERO {
+			// TODO(splicing): Check that channel balance does not go below the channel reserve
+			let post_channel_value = AddSigned::checked_add_signed(
+				self.funding.get_value_satoshis(),
+				our_funding_contribution.to_sat(),
+			);
+			// FIXME: Should we check value_to_self instead? Do HTLCs need to be accounted for?
+			// FIXME: Check that we can pay for the outputs from the channel value?
+			if post_channel_value.is_none() {
+				return Err(APIError::APIMisuseError {
+					err: format!(
+						"Channel {} cannot be spliced out; contribution exceeds the channel value: {}",
+						self.context.channel_id(),
+						our_funding_contribution,
+					),
+				});
+			}
 
-		// Note: post-splice channel value is not yet known at this point, counterparty contribution is not known
-		// (Cannot test for miminum required post-splice channel value)
+			let value_removed: Amount =
+				contribution.outputs().iter().map(|txout| txout.value).sum();
+			let negated_value_removed = -value_removed.to_signed().unwrap_or(SignedAmount::MAX);
+			if negated_value_removed != our_funding_contribution {
+				return Err(APIError::APIMisuseError {
+					err: format!(
+						"Channel {} cannot be spliced out; unexpected txout amounts: {}",
+						self.context.channel_id(),
+						value_removed,
+					),
+				});
+			}
+		} else {
+			// Note: post-splice channel value is not yet known at this point, counterparty contribution is not known
+			// (Cannot test for miminum required post-splice channel value)
 
-		// Check that inputs are sufficient to cover our contribution.
-		let _fee = check_v2_funding_inputs_sufficient(
-			our_funding_contribution.to_sat(),
-			contribution.inputs(),
-			true,
-			true,
-			funding_feerate_per_kw,
-		)
-		.map_err(|err| APIError::APIMisuseError {
-			err: format!(
-				"Insufficient inputs for splicing; channel ID {}, err {}",
-				self.context.channel_id(),
-				err,
-			),
-		})?;
+			// Check that inputs are sufficient to cover our contribution.
+			let _fee = check_v2_funding_inputs_sufficient(
+				our_funding_contribution.to_sat(),
+				contribution.inputs(),
+				true,
+				true,
+				funding_feerate_per_kw,
+			)
+			.map_err(|err| APIError::APIMisuseError {
+				err: format!(
+					"Insufficient inputs for splicing; channel ID {}, err {}",
+					self.context.channel_id(),
+					err,
+				),
+			})?;
+		}
 
 		for FundingTxInput { txin, prevtx, .. } in contribution.inputs().iter() {
 			const MESSAGE_TEMPLATE: msgs::TxAddInput = msgs::TxAddInput {
@@ -10705,14 +10751,15 @@ where
 		}
 
 		let prev_funding_input = self.funding.to_splice_funding_input();
-		let (our_funding_inputs, change_script) = contribution.into_tx_parts();
+		let (our_funding_inputs, our_funding_outputs, change_script) = contribution.into_tx_parts();
 		let funding_negotiation_context = FundingNegotiationContext {
 			is_initiator: true,
 			our_funding_contribution,
 			funding_tx_locktime: LockTime::from_consensus(locktime),
 			funding_feerate_sat_per_1000_weight: funding_feerate_per_kw,
 			shared_funding_input: Some(prev_funding_input),
 			our_funding_inputs,
+			our_funding_outputs,
 			change_script,
 		};
 
@@ -10835,6 +10882,7 @@ where
 			funding_feerate_sat_per_1000_weight: msg.funding_feerate_per_kw,
 			shared_funding_input: Some(prev_funding_input),
 			our_funding_inputs: Vec::new(),
+			our_funding_outputs: Vec::new(),
 			change_script: None,
 		};
 
@@ -12533,6 +12581,7 @@ where
 			funding_feerate_sat_per_1000_weight,
 			shared_funding_input: None,
 			our_funding_inputs: funding_inputs,
+			our_funding_outputs: Vec::new(),
 			change_script: None,
 		};
 		let chan = Self {
@@ -12687,6 +12736,7 @@ where
 			funding_feerate_sat_per_1000_weight: msg.funding_feerate_sat_per_1000_weight,
 			shared_funding_input: None,
 			our_funding_inputs: our_funding_inputs.clone(),
+			our_funding_outputs: Vec::new(),
 			change_script: None,
 		};
 		let shared_funding_output = TxOut {
@@ -12710,7 +12760,7 @@ where
 				inputs_to_contribute,
 				shared_funding_input: None,
 				shared_funding_output: SharedOwnedOutput::new(shared_funding_output, our_funding_contribution_sats),
-				outputs_to_contribute: Vec::new(),
+				outputs_to_contribute: funding_negotiation_context.our_funding_outputs.clone(),
 			}
 		).map_err(|err| {
 			let reason = ClosureReason::ProcessingError { err: err.to_string() };
diff --git a/lightning/src/ln/channelmanager.rs b/lightning/src/ln/channelmanager.rs
@@ -32,7 +32,7 @@ use bitcoin::secp256k1::Secp256k1;
 use bitcoin::secp256k1::{PublicKey, SecretKey};
 use bitcoin::{secp256k1, Sequence, SignedAmount, TxIn, Weight};
 #[cfg(splicing)]
-use bitcoin::{Amount, ScriptBuf};
+use bitcoin::{Amount, ScriptBuf, TxOut};
 
 use crate::blinded_path::message::MessageForwardNode;
 use crate::blinded_path::message::{AsyncPaymentsContext, OffersContext};
@@ -216,6 +216,14 @@ pub enum SpliceContribution {
 		/// generated using `SignerProvider::get_destination_script`.
 		change_script: Option<ScriptBuf>,
 	},
+	/// When only outputs are contributed to then funding transaction.
+	SpliceOut {
+		/// The amount to remove from the channel.
+		value: Amount,
+		/// The outputs used for removing the amount. The total value of all outputs must equal
+		/// [`SpliceOut::value`].
+		outputs: Vec<TxOut>,
+	},
 }
 
 #[cfg(splicing)]
@@ -225,18 +233,32 @@ impl SpliceContribution {
 			SpliceContribution::SpliceIn { value, .. } => {
 				value.to_signed().unwrap_or(SignedAmount::MAX)
 			},
+			SpliceContribution::SpliceOut { value, .. } => {
+				value.to_signed().map(|value| -value).unwrap_or(SignedAmount::MIN)
+			},
 		}
 	}
 
 	pub(super) fn inputs(&self) -> &[FundingTxInput] {
 		match self {
 			SpliceContribution::SpliceIn { inputs, .. } => &inputs[..],
+			SpliceContribution::SpliceOut { .. } => &[],
+		}
+	}
+
+	pub(super) fn outputs(&self) -> &[TxOut] {
+		match self {
+			SpliceContribution::SpliceIn { .. } => &[],
+			SpliceContribution::SpliceOut { outputs, .. } => &outputs[..],
 		}
 	}
 
-	pub(super) fn into_tx_parts(self) -> (Vec<FundingTxInput>, Option<ScriptBuf>) {
+	pub(super) fn into_tx_parts(self) -> (Vec<FundingTxInput>, Vec<TxOut>, Option<ScriptBuf>) {
 		match self {
-			SpliceContribution::SpliceIn { inputs, change_script, .. } => (inputs, change_script),
+			SpliceContribution::SpliceIn { inputs, change_script, .. } => {
+				(inputs, vec![], change_script)
+			},
+			SpliceContribution::SpliceOut { outputs, .. } => (vec![], outputs, None),
 		}
 	}
 }
diff --git a/lightning/src/ln/interactivetxs.rs b/lightning/src/ln/interactivetxs.rs
@@ -1878,7 +1878,7 @@ impl InteractiveTxConstructor {
 /// - `change_output_dust_limit` - The dust limit (in sats) to consider.
 pub(super) fn calculate_change_output_value(
 	context: &FundingNegotiationContext, is_splice: bool, shared_output_funding_script: &ScriptBuf,
-	funding_outputs: &Vec<TxOut>, change_output_dust_limit: u64,
+	change_output_dust_limit: u64,
 ) -> Result<Option<u64>, AbortReason> {
 	assert!(context.our_funding_contribution > SignedAmount::ZERO);
 	let our_funding_contribution_satoshis = context.our_funding_contribution.to_sat() as u64;
@@ -1900,6 +1900,7 @@ pub(super) fn calculate_change_output_value(
 		our_funding_inputs_weight = our_funding_inputs_weight.saturating_add(weight);
 	}
 
+	let funding_outputs = &context.our_funding_outputs;
 	let total_output_satoshis =
 		funding_outputs.iter().fold(0u64, |total, out| total.saturating_add(out.value.to_sat()));
 	let our_funding_outputs_weight = funding_outputs.iter().fold(0u64, |weight, out| {
@@ -2993,17 +2994,18 @@ mod tests {
 			funding_feerate_sat_per_1000_weight,
 			shared_funding_input: None,
 			our_funding_inputs: inputs,
+			our_funding_outputs: outputs,
 			change_script: None,
 		};
 		assert_eq!(
-			calculate_change_output_value(&context, false, &ScriptBuf::new(), &outputs, 300),
+			calculate_change_output_value(&context, false, &ScriptBuf::new(), 300),
 			Ok(Some(gross_change - fees - common_fees)),
 		);
 
 		// There is leftover for change, without common fees
 		let context = FundingNegotiationContext { is_initiator: false, ..context };
 		assert_eq!(
-			calculate_change_output_value(&context, false, &ScriptBuf::new(), &outputs, 300),
+			calculate_change_output_value(&context, false, &ScriptBuf::new(), 300),
 			Ok(Some(gross_change - fees)),
 		);
 
@@ -3014,7 +3016,7 @@ mod tests {
 			..context
 		};
 		assert_eq!(
-			calculate_change_output_value(&context, false, &ScriptBuf::new(), &outputs, 300),
+			calculate_change_output_value(&context, false, &ScriptBuf::new(), 300),
 			Err(AbortReason::InsufficientFees),
 		);
 
@@ -3025,7 +3027,7 @@ mod tests {
 			..context
 		};
 		assert_eq!(
-			calculate_change_output_value(&context, false, &ScriptBuf::new(), &outputs, 300),
+			calculate_change_output_value(&context, false, &ScriptBuf::new(), 300),
 			Ok(None),
 		);
 
@@ -3036,7 +3038,7 @@ mod tests {
 			..context
 		};
 		assert_eq!(
-			calculate_change_output_value(&context, false, &ScriptBuf::new(), &outputs, 100),
+			calculate_change_output_value(&context, false, &ScriptBuf::new(), 100),
 			Ok(Some(262)),
 		);
 
@@ -3048,7 +3050,7 @@ mod tests {
 			..context
 		};
 		assert_eq!(
-			calculate_change_output_value(&context, false, &ScriptBuf::new(), &outputs, 300),
+			calculate_change_output_value(&context, false, &ScriptBuf::new(), 300),
 			Ok(Some(4060)),
 		);
 	}
