Update next_funding_txid logic for channel_reestablish

jkczyz · wpaulino · jkczyz · commit 4a0e3434f6ba · 2025-07-11T12:03:39.000-05:00
The splicing spec updates the logic pertaining to next_funding_txid when
handling a channel_reestablish message. Specifically:

A receiving node:
  - if `next_funding_txid` is set:
    - if `next_funding_txid` matches the latest interactive funding transaction
      or the current channel funding transaction:
      - if `next_commitment_number` is equal to the commitment number of the
        `commitment_signed` message it sent for this funding transaction:
        - MUST retransmit its `commitment_signed` for that funding transaction.
      - if it has already received `commitment_signed` and it should sign first,
        as specified in the [`tx_signatures` requirements](#the-tx_signatures-message):
        - MUST send its `tx_signatures` for that funding transaction.
      - if it has already received `tx_signatures` for that funding transaction:
        - MUST send its `tx_signatures` for that funding transaction.
    - if it also sets `next_funding_txid` in its own `channel_reestablish`, but the
      values don't match:
      - MUST send an `error` and fail the channel.
    - otherwise:
      - MUST send `tx_abort` to let the sending node know that they can forget
        this funding transaction.

This commit updates FundedChannel::channel_reestablish accordingly.

Co-authored-by: Wilmer Paulino &lt;wilmer@wilmerpaulino.com&gt;
Co-authored-by: Jeffrey Czyz &lt;jkczyz@gmail.com&gt;
diff --git a/lightning/src/ln/channel.rs b/lightning/src/ln/channel.rs
@@ -8406,96 +8406,111 @@ where
 				.and_then(|_| self.get_channel_ready(logger))
 		} else { None };
 
-		if msg.next_local_commitment_number == next_counterparty_commitment_number {
-			if required_revoke.is_some() || self.context.signer_pending_revoke_and_ack {
-				log_debug!(logger, "Reconnected channel {} with only lost outbound RAA", &self.context.channel_id());
-			} else {
-				log_debug!(logger, "Reconnected channel {} with no loss", &self.context.channel_id());
-			}
+		let mut commitment_update = None;
+		let mut tx_signatures = None;
+		let mut tx_abort = None;
+
+		// if next_funding_txid is set:
+		if let Some(next_funding_txid) = msg.next_funding_txid {
+			// - if `next_funding_txid` matches the latest interactive funding transaction
+			//   or the current channel funding transaction:
+			if let Some(session) = &self.interactive_tx_signing_session {
+				let our_next_funding_txid = self.maybe_get_next_funding_txid();
+				if let Some(our_next_funding_txid) = our_next_funding_txid {
+					if our_next_funding_txid != next_funding_txid {
+						return Err(ChannelError::close(format!(
+							"Unexpected next_funding_txid: {}; expected: {}",
+							next_funding_txid, our_next_funding_txid,
+						)));
+					}
 
-			// if next_funding_txid is set:
-			let (commitment_update, tx_signatures, tx_abort) = if let Some(next_funding_txid) = msg.next_funding_txid {
-				if let Some(session) = &self.interactive_tx_signing_session {
-					// if next_funding_txid matches the latest interactive funding transaction:
-					let our_next_funding_txid = session.unsigned_tx().compute_txid();
-					if our_next_funding_txid == next_funding_txid {
-						debug_assert_eq!(session.unsigned_tx().compute_txid(), self.maybe_get_next_funding_txid().unwrap());
-
-						let commitment_update = if !self.context.channel_state.is_their_tx_signatures_sent() && msg.next_local_commitment_number == 0 {
-							// if it has not received tx_signatures for that funding transaction AND
-							// if next_commitment_number is zero:
-							//   MUST retransmit its commitment_signed for that funding transaction.
-							let commitment_signed = self.context.get_initial_commitment_signed(&self.funding, logger)
-								// TODO(splicing): Support async signing
-								.ok_or_else(|| ChannelError::Close(
-										(
-											"Failed to get signatures for new commitment_signed".to_owned(),
-											ClosureReason::HolderForceClosed { broadcasted_latest_txn: Some(false) },
-										)
-								))?;
-							Some(msgs::CommitmentUpdate {
-								commitment_signed: vec![commitment_signed],
-								update_add_htlcs: vec![],
-								update_fulfill_htlcs: vec![],
-								update_fail_htlcs: vec![],
-								update_fail_malformed_htlcs: vec![],
-								update_fee: None,
-							})
-						} else { None };
+					if !session.has_received_commitment_signed() {
+						self.context.expecting_peer_commitment_signed = true;
+					}
+
+					// - if `next_commitment_number` is equal to the commitment number of the
+					//   `commitment_signed` message it sent for this funding transaction:
+					//   -  MUST retransmit its `commitment_signed` for that funding transaction.
+					if msg.next_local_commitment_number == next_counterparty_commitment_number {
+						// `next_counterparty_commitment_number` is guaranteed to always be the
+						// commitment number of the `commitment_signed` message we sent for this
+						// funding transaction. If they set `next_funding_txid`, then they should
+						// not have processed our `tx_signatures` yet, which implies that our state
+						// machine is still paused and no updates can happen that would increment
+						// our `next_counterparty_commitment_number`.
+						//
+						// If they did set `next_funding_txid` even after processing our
+						// `tx_signatures` erroneously, this may end up resulting in a force close.
+						//
 						// TODO(dual_funding): For async signing support we need to hold back `tx_signatures` until the `commitment_signed` is ready.
-						let tx_signatures = if (
-							// if it has not received tx_signatures for that funding transaction AND
-							// if it has already received commitment_signed AND it should sign first, as specified in the tx_signatures requirements:
-							//   MUST send its tx_signatures for that funding transaction.
-							!self.context.channel_state.is_their_tx_signatures_sent() && session.has_received_commitment_signed() && session.holder_sends_tx_signatures_first()
-							// else if it has already received tx_signatures for that funding transaction:
-							//   MUST send its tx_signatures for that funding transaction.
-						) || self.context.channel_state.is_their_tx_signatures_sent() {
-							if self.context.channel_state.is_monitor_update_in_progress() {
-								// The `monitor_pending_tx_signatures` field should have already been set in `commitment_signed_initial_v2`
-								// if we were up first for signing and had a monitor update in progress, but check again just in case.
-								debug_assert!(self.context.monitor_pending_tx_signatures.is_some(), "monitor_pending_tx_signatures should already be set");
-								log_debug!(logger, "Not sending tx_signatures: a monitor update is in progress. Setting monitor_pending_tx_signatures.");
-								if self.context.monitor_pending_tx_signatures.is_none() {
-									self.context.monitor_pending_tx_signatures = session.holder_tx_signatures().clone();
-								}
-								None
-							} else {
-								// If `holder_tx_signatures` is `None` here, the `tx_signatures` message will be sent
-								// when the holder provides their witnesses as this will queue a `tx_signatures` if the
-								// holder must send one.
-								session.holder_tx_signatures().clone()
+						let commitment_signed = self.context.get_initial_commitment_signed(&self.funding, logger)
+							// TODO(splicing): Support async signing
+							.ok_or_else(|| ChannelError::Close(
+									(
+										"Failed to get signatures for new commitment_signed".to_owned(),
+										ClosureReason::HolderForceClosed { broadcasted_latest_txn: Some(false) },
+									)
+							))?;
+						commitment_update = Some(msgs::CommitmentUpdate {
+							commitment_signed: vec![commitment_signed],
+							update_add_htlcs: vec![],
+							update_fulfill_htlcs: vec![],
+							update_fail_htlcs: vec![],
+							update_fail_malformed_htlcs: vec![],
+							update_fee: None,
+						});
+					}
+
+					// - if it has already received `commitment_signed` and it should sign first,
+					//   as specified in the [`tx_signatures` requirements](#the-tx_signatures-message):
+					//   - MUST send its `tx_signatures` for that funding transaction.
+					//
+					// - if it has already received `tx_signatures` for that funding transaction:
+					//   - MUST send its `tx_signatures` for that funding transaction.
+					if (session.has_received_commitment_signed() && session.holder_sends_tx_signatures_first())
+						|| self.context.channel_state.is_their_tx_signatures_sent()
+					{
+						if self.context.channel_state.is_monitor_update_in_progress() {
+							// The `monitor_pending_tx_signatures` field should have already been
+							// set in `commitment_signed_initial_v2` if we were up first for signing
+							// and had a monitor update in progress.
+							if session.holder_sends_tx_signatures_first() {
+								debug_assert!(self.context.monitor_pending_tx_signatures.is_some());
 							}
 						} else {
-							None
-						};
-						if !session.has_received_commitment_signed() {
-							self.context.expecting_peer_commitment_signed = true;
+							// If `holder_tx_signatures` is `None` here, the `tx_signatures` message
+							// will be sent when the user provides their witnesses.
+							tx_signatures = session.holder_tx_signatures().clone()
 						}
-						(commitment_update, tx_signatures, None)
-					} else {
-						// The `next_funding_txid` does not match the latest interactive funding transaction so we
-						// MUST send tx_abort to let the remote  know that they can forget this funding transaction.
-						(None, None, Some(msgs::TxAbort {
-							channel_id: self.context.channel_id(),
-							data: format!(
-								"next_funding_txid {} does match our latest interactive funding txid {}",
-								next_funding_txid, our_next_funding_txid,
-							).into_bytes() }))
 					}
 				} else {
-					// We'll just send a `tx_abort` here if we don't have a signing session for this channel
-					// on reestablish and tell our peer to just forget about it.
-					// Our peer is doing something strange, but it doesn't warrant closing the channel.
-					(None, None, Some(msgs::TxAbort {
+					// The `next_funding_txid` does not match the latest interactive funding
+					// transaction so we MUST send tx_abort to let the remote know that they can
+					// forget this funding transaction.
+					tx_abort = Some(msgs::TxAbort {
 						channel_id: self.context.channel_id(),
-						data:
-							"No active signing session. The associated funding transaction may have already been broadcast.".as_bytes().to_vec() }))
+						data: format!(
+							"Unexpected next_funding_txid {}",
+							next_funding_txid,
+						).into_bytes() });
 				}
 			} else {
-				// Don't send anything related to interactive signing if `next_funding_txid` is not set.
-				(None, None, None)
-			};
+				// We'll just send a `tx_abort` here if we don't have a signing session for this channel
+				// on reestablish and tell our peer to just forget about it.
+				// Our peer is doing something strange, but it doesn't warrant closing the channel.
+				tx_abort = Some(msgs::TxAbort {
+					channel_id: self.context.channel_id(),
+					data:
+						"No active signing session. The associated funding transaction may have already been broadcast.".as_bytes().to_vec() });
+			}
+		}
+
+		if msg.next_local_commitment_number == next_counterparty_commitment_number {
+			if required_revoke.is_some() || self.context.signer_pending_revoke_and_ack {
+				log_debug!(logger, "Reconnected channel {} with only lost outbound RAA", &self.context.channel_id());
+			} else {
+				log_debug!(logger, "Reconnected channel {} with no loss", &self.context.channel_id());
+			}
 
 			Ok(ReestablishResponses {
 				channel_ready, shutdown_msg, announcement_sigs,
@@ -8506,6 +8521,11 @@ where
 				tx_abort,
 			})
 		} else if msg.next_local_commitment_number == next_counterparty_commitment_number - 1 {
+			// We've made an update so we must have exchanged `tx_signatures`, implying that
+			// `commitment_signed` was also exchanged. However, we may still need to retransmit our
+			// `tx_signatures` if the counterparty sent theirs first but didn't get to process ours.
+			debug_assert!(commitment_update.is_none());
+
 			if required_revoke.is_some() || self.context.signer_pending_revoke_and_ack {
 				log_debug!(logger, "Reconnected channel {} with lost outbound RAA and lost remote commitment tx", &self.context.channel_id());
 			} else {
@@ -8518,8 +8538,8 @@ where
 					channel_ready, shutdown_msg, announcement_sigs,
 					commitment_update: None, raa: None,
 					order: self.context.resend_order.clone(),
-					tx_signatures: None,
-					tx_abort: None,
+					tx_signatures,
+					tx_abort,
 				})
 			} else {
 				let commitment_update = if self.context.resend_order == RAACommitmentOrder::RevokeAndACKFirst
@@ -8542,8 +8562,8 @@ where
 					channel_ready, shutdown_msg, announcement_sigs,
 					raa, commitment_update,
 					order: self.context.resend_order.clone(),
-					tx_signatures: None,
-					tx_abort: None,
+					tx_signatures,
+					tx_abort,
 				})
 			}
 		} else if msg.next_local_commitment_number < next_counterparty_commitment_number {
