Description
`ChannelMonitor::would_broadcast_at_height` uses `self.payment_preimages` to check whether we should go on-chain to claim an inbound HTLC which is near expiry and for which we have the preimage. That's great, except that this allows a remote attacker to make us force-close a channel by
a) Routing an HTLC through us with a given `payment_hash`,
b) Routing a second payment "through" us with a bogus `cltv_expiry` with the same `payment_hash`,
c) Not revoking their previous state after we try to fail-back the second HTLC,
d) Claiming the first HTLC (from the next-hop), revealing the `payment_preimage` to us,
e) Waiting for a block, causing us to find the second HTLC as "needs to go on-chain".
We probably need to extend `payment_preimages` to include `HTLCSource` or so, noting that it is pruned as commitment transactions are revoked so the additional memory is likely not much of an issue.
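As an added illustration (not rust-lightning code), here is a toy model of the check keyed by `payment_hash` alone next to one keyed by `(payment_hash, HTLCSource)` as proposed above, replayed against the two-HTLC scenario from the description; the struct shapes, the `CLTV_CLAIM_BUFFER` value and the sample hashes and heights are assumptions.

```rust
use std::collections::HashMap;

// Toy model only; the buffer value is assumed, not rust-lightning's constant.
const CLTV_CLAIM_BUFFER: u32 = 6;

type PaymentHash = [u8; 32];
type PaymentPreimage = [u8; 32];

/// Stand-in for HTLCSource: identifies one specific inbound HTLC we forwarded.
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash)]
pub struct HtlcSource { pub channel_id: u64, pub htlc_id: u64 }

#[derive(Clone, Debug)]
pub struct InboundHtlc { pub source: HtlcSource, pub payment_hash: PaymentHash, pub cltv_expiry: u32 }

fn near_expiry(htlc: &InboundHtlc, height: u32) -> bool {
    htlc.cltv_expiry <= height + CLTV_CLAIM_BUFFER
}

/// Flawed check: any near-expiry inbound HTLC whose hash we know a preimage for triggers a force-close.
pub fn would_broadcast_by_hash(preimages: &HashMap<PaymentHash, PaymentPreimage>, htlcs: &[InboundHtlc], height: u32) -> bool {
    htlcs.iter().any(|h| near_expiry(h, height) && preimages.contains_key(&h.payment_hash))
}

/// Hardened check: only the specific HTLC we forwarded and received the preimage for counts.
pub fn would_broadcast_by_source(preimages: &HashMap<(PaymentHash, HtlcSource), PaymentPreimage>, htlcs: &[InboundHtlc], height: u32) -> bool {
    htlcs.iter().any(|h| near_expiry(h, height) && preimages.contains_key(&(h.payment_hash, h.source)))
}

/// Replays steps a) to e) of the issue; returns (flawed_result, hardened_result).
pub fn scenario() -> (bool, bool) {
    let hash = [0x11u8; 32];     // constructed sample value
    let preimage = [0x22u8; 32]; // constructed sample value
    // a) the HTLC we actually forwarded, expiring far in the future
    let forwarded = InboundHtlc { source: HtlcSource { channel_id: 1, htlc_id: 0 }, payment_hash: hash, cltv_expiry: 1_000 };
    // b) second HTLC with the same hash and a bogus, near cltv_expiry
    let bogus = InboundHtlc { source: HtlcSource { channel_id: 1, htlc_id: 1 }, payment_hash: hash, cltv_expiry: 505 };
    // c) peer never revoked, so both HTLCs still sit in a valid commitment
    let htlcs = vec![forwarded.clone(), bogus];
    // d) next hop claimed `forwarded`, revealing the preimage to us
    let mut by_hash = HashMap::new();
    by_hash.insert(hash, preimage);
    let mut by_source = HashMap::new();
    by_source.insert((hash, forwarded.source), preimage);
    // e) a block arrives at which only the bogus HTLC is within the claim buffer
    let height = 500;
    (would_broadcast_by_hash(&by_hash, &htlcs, height), would_broadcast_by_source(&by_source, &htlcs, height))
}
```

The hash-keyed check force-closes on the bogus HTLC, while the source-keyed check ignores it because no preimage was recorded for that HTLC's source.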