@@ -1130,10 +1130,9 @@ struct CommitmentData<'a> {
11301130
11311131/// A struct gathering stats on a commitment transaction, either local or remote.
11321132struct CommitmentStats {
1133- total_fee_sat: u64, // the total fee included in the transaction
1134- total_anchors_sat: u64, // the sum of the anchors' amounts
1135- local_balance_before_fee_anchors_msat: u64, // local balance before fees and anchors *not* considering dust limits
1136- remote_balance_before_fee_anchors_msat: u64, // remote balance before fees and anchors *not* considering dust limits
1133+ total_fee_sat: u64, // the total fee included in the transaction
1134+ local_balance_before_fee_msat: u64, // local balance before fees and anchors *not* considering dust limits
1135+ remote_balance_before_fee_msat: u64, // remote balance before fees and anchors *not* considering dust limits
11371136}
11381137
11391138/// Used when calculating whether we or the remote can afford an additional HTLC.
@@ -4235,7 +4234,7 @@ where
42354234 if update_fee {
42364235 debug_assert!(!funding.is_outbound());
42374236 let counterparty_reserve_we_require_msat = funding.holder_selected_channel_reserve_satoshis * 1000;
4238- if commitment_data.stats.remote_balance_before_fee_anchors_msat < commitment_data.stats.total_fee_sat * 1000 + commitment_data.stats.total_anchors_sat * 1000 + counterparty_reserve_we_require_msat {
4237+ if commitment_data.stats.remote_balance_before_fee_msat < commitment_data.stats.total_fee_sat * 1000 + counterparty_reserve_we_require_msat {
42394238 return Err(ChannelError::close("Funding remote cannot afford proposed new fee".to_owned()));
42404239 }
42414240 }
@@ -4327,8 +4326,8 @@ where
43274326 &holder_commitment_point.current_point(), true, true, logger,
43284327 );
43294328 let buffer_fee_msat = commit_tx_fee_sat(feerate_per_kw, commitment_data.tx.nondust_htlcs().len() + htlc_stats.on_holder_tx_outbound_holding_cell_htlcs_count as usize + CONCURRENT_INBOUND_HTLC_FEE_BUFFER as usize, funding.get_channel_type()) * 1000;
4330- let holder_balance_msat = commitment_data.stats.local_balance_before_fee_anchors_msat - htlc_stats.outbound_holding_cell_msat;
4331- if holder_balance_msat < buffer_fee_msat + commitment_data.stats.total_anchors_sat * 1000 + funding.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000 {
4329+ let holder_balance_msat = commitment_data.stats.local_balance_before_fee_msat - htlc_stats.outbound_holding_cell_msat;
4330+ if holder_balance_msat < buffer_fee_msat + funding.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000 {
43324331 //TODO: auto-close after a number of failures?
43334332 log_debug!(logger, "Cannot afford to send new feerate at {}", feerate_per_kw);
43344333 return false;
@@ -4509,11 +4508,23 @@ where
45094508 let total_fee_sat = commit_tx_fee_sat(feerate_per_kw, non_dust_htlc_count, &funding.channel_transaction_parameters.channel_type_features);
45104509 let total_anchors_sat = if funding.channel_transaction_parameters.channel_type_features.supports_anchors_zero_fee_htlc_tx() { ANCHOR_OUTPUT_VALUE_SATOSHI * 2 } else { 0 };
45114510
4511+ // We MUST use saturating subs here, as the funder's balance is not guaranteed to be greater
4512+ // than or equal to `total_anchors_sat`.
4513+ //
4514+ // This is because when the remote party sends an `update_fee` message, we build the new
4515+ // commitment transaction *before* checking whether the remote party's balance is enough to
4516+ // cover the total anchor sum.
4517+
4518+ if funding.is_outbound() {
4519+ value_to_self_msat = value_to_self_msat.saturating_sub(total_anchors_sat * 1000);
4520+ } else {
4521+ value_to_remote_msat = value_to_remote_msat.saturating_sub(total_anchors_sat * 1000);
4522+ }
4523+
45124524 CommitmentStats {
45134525 total_fee_sat,
4514- total_anchors_sat,
4515- local_balance_before_fee_anchors_msat: value_to_self_msat,
4516- remote_balance_before_fee_anchors_msat: value_to_remote_msat,
4526+ local_balance_before_fee_msat: value_to_self_msat,
4527+ remote_balance_before_fee_msat: value_to_remote_msat,
45174528 }
45184529 }
45194530
@@ -4541,9 +4552,8 @@ where
45414552 let stats = self.build_commitment_stats(funding, local, generated_by_local);
45424553 let CommitmentStats {
45434554 total_fee_sat,
4544- total_anchors_sat,
4545- local_balance_before_fee_anchors_msat,
4546- remote_balance_before_fee_anchors_msat
4555+ local_balance_before_fee_msat,
4556+ remote_balance_before_fee_msat
45474557 } = stats;
45484558
45494559 let num_htlcs = self.pending_inbound_htlcs.len() + self.pending_outbound_htlcs.len();
@@ -4614,9 +4624,9 @@ where
46144624 // cover the total fee and the anchors.
46154625
46164626 let (value_to_self, value_to_remote) = if funding.is_outbound() {
4617- ((local_balance_before_fee_anchors_msat / 1000).saturating_sub(total_anchors_sat).saturating_sub( total_fee_sat), remote_balance_before_fee_anchors_msat / 1000)
4627+ ((local_balance_before_fee_msat / 1000).saturating_sub(total_fee_sat), remote_balance_before_fee_msat / 1000)
46184628 } else {
4619- (local_balance_before_fee_anchors_msat / 1000, (remote_balance_before_fee_anchors_msat / 1000).saturating_sub(total_anchors_sat ).saturating_sub(total_fee_sat))
4629+ (local_balance_before_fee_msat / 1000, (remote_balance_before_fee_msat / 1000).saturating_sub(total_fee_sat))
46204630 };
46214631
46224632 let mut to_broadcaster_value_sat = if local { value_to_self } else { value_to_remote };
0 commit comments