@@ -1130,10 +1130,9 @@ struct CommitmentData<'a> {
11301130
11311131/// A struct gathering stats on a commitment transaction, either local or remote.
11321132struct CommitmentStats {
1133- total_fee_sat: u64, // the total fee included in the transaction
1134- total_anchors_sat: u64, // the sum of the anchors' amounts
1135- local_balance_before_fee_anchors_msat: u64, // local balance before fees and anchors *not* considering dust limits
1136- remote_balance_before_fee_anchors_msat: u64, // remote balance before fees and anchors *not* considering dust limits
1133+ total_fee_sat: u64, // the total fee included in the transaction
1134+ local_balance_before_fee_msat: u64, // local balance before fees and anchors *not* considering dust limits
1135+ remote_balance_before_fee_msat: u64, // remote balance before fees and anchors *not* considering dust limits
11371136}
11381137
11391138/// Used when calculating whether we or the remote can afford an additional HTLC.
@@ -4235,7 +4234,7 @@ where
42354234 if update_fee {
42364235 debug_assert!(!funding.is_outbound());
42374236 let counterparty_reserve_we_require_msat = funding.holder_selected_channel_reserve_satoshis * 1000;
4238- if commitment_data.stats.remote_balance_before_fee_anchors_msat < commitment_data.stats.total_fee_sat * 1000 + commitment_data.stats.total_anchors_sat * 1000 + counterparty_reserve_we_require_msat {
4237+ if commitment_data.stats.remote_balance_before_fee_msat < commitment_data.stats.total_fee_sat * 1000 + counterparty_reserve_we_require_msat {
42394238 return Err(ChannelError::close("Funding remote cannot afford proposed new fee".to_owned()));
42404239 }
42414240 }
@@ -4327,8 +4326,8 @@ where
43274326 &holder_commitment_point.current_point(), true, true, logger,
43284327 );
43294328 let buffer_fee_msat = commit_tx_fee_sat(feerate_per_kw, commitment_data.tx.nondust_htlcs().len() + htlc_stats.on_holder_tx_outbound_holding_cell_htlcs_count as usize + CONCURRENT_INBOUND_HTLC_FEE_BUFFER as usize, funding.get_channel_type()) * 1000;
4330- let holder_balance_msat = commitment_data.stats.local_balance_before_fee_anchors_msat - htlc_stats.outbound_holding_cell_msat;
4331- if holder_balance_msat < buffer_fee_msat + commitment_data.stats.total_anchors_sat * 1000 + funding.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000 {
4329+ let holder_balance_msat = commitment_data.stats.local_balance_before_fee_msat - htlc_stats.outbound_holding_cell_msat;
4330+ if holder_balance_msat < buffer_fee_msat + funding.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000 {
43324331 //TODO: auto-close after a number of failures?
43334332 log_debug!(logger, "Cannot afford to send new feerate at {}", feerate_per_kw);
43344333 return false;
@@ -4518,11 +4517,23 @@ where
45184517 let total_fee_sat = commit_tx_fee_sat(feerate_per_kw, non_dust_htlc_count, &funding.channel_transaction_parameters.channel_type_features);
45194518 let total_anchors_sat = if funding.channel_transaction_parameters.channel_type_features.supports_anchors_zero_fee_htlc_tx() { ANCHOR_OUTPUT_VALUE_SATOSHI * 2 } else { 0 };
45204519
4520+ // We MUST use saturating subs here, as the funder's balance is not guaranteed to be greater
4521+ // than or equal to `total_anchors_sat`.
4522+ //
4523+ // This is because when the remote party sends an `update_fee` message, we build the new
4524+ // commitment transaction *before* checking whether the remote party's balance is enough to
4525+ // cover the total anchor sum.
4526+
4527+ if funding.is_outbound() {
4528+ value_to_self_msat = value_to_self_msat.saturating_sub(total_anchors_sat * 1000);
4529+ } else {
4530+ value_to_remote_msat = value_to_remote_msat.saturating_sub(total_anchors_sat * 1000);
4531+ }
4532+
45214533 CommitmentStats {
45224534 total_fee_sat,
4523- total_anchors_sat,
4524- local_balance_before_fee_anchors_msat: value_to_self_msat,
4525- remote_balance_before_fee_anchors_msat: value_to_remote_msat,
4535+ local_balance_before_fee_msat: value_to_self_msat,
4536+ remote_balance_before_fee_msat: value_to_remote_msat,
45264537 }
45274538 }
45284539
@@ -4550,9 +4561,8 @@ where
45504561 let stats = self.build_commitment_stats(funding, local, generated_by_local);
45514562 let CommitmentStats {
45524563 total_fee_sat,
4553- total_anchors_sat,
4554- local_balance_before_fee_anchors_msat,
4555- remote_balance_before_fee_anchors_msat
4564+ local_balance_before_fee_msat,
4565+ remote_balance_before_fee_msat
45564566 } = stats;
45574567
45584568 let num_htlcs = self.pending_inbound_htlcs.len() + self.pending_outbound_htlcs.len();
@@ -4623,9 +4633,9 @@ where
46234633 // cover the total fee and the anchors.
46244634
46254635 let (value_to_self, value_to_remote) = if funding.is_outbound() {
4626- ((local_balance_before_fee_anchors_msat / 1000).saturating_sub(total_anchors_sat).saturating_sub( total_fee_sat), remote_balance_before_fee_anchors_msat / 1000)
4636+ ((local_balance_before_fee_msat / 1000).saturating_sub(total_fee_sat), remote_balance_before_fee_msat / 1000)
46274637 } else {
4628- (local_balance_before_fee_anchors_msat / 1000, (remote_balance_before_fee_anchors_msat / 1000).saturating_sub(total_anchors_sat ).saturating_sub(total_fee_sat))
4638+ (local_balance_before_fee_msat / 1000, (remote_balance_before_fee_msat / 1000).saturating_sub(total_fee_sat))
46294639 };
46304640
46314641 let mut to_broadcaster_value_sat = if local { value_to_self } else { value_to_remote };
0 commit comments