Skip to content

Commit to client's node id in bLIP-52/LSPS2 promise #4040

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 2, 2025
Merged

Commit to client's node id in bLIP-52/LSPS2 promise #4040

merged 1 commit into from
Sep 2, 2025
+109 −20

Conversation

tnull
Copy link
Contributor

@tnull tnull commented Sep 2, 2025

Closes #4037.

Previously, the promise HMAC would only commit to the promise secret and the OpeningFeeParams fields, leaving room for other clients to reuse the same OpeningFeeParams in BuyRequests if they'd acquire it somehow out-of-bounds.

While this flexibility also has some benefits, we here have the service commit to the client's node id, making sure only the original client can redeem a specific OpeningFeeParams.

(cc @johncantrell97 @martinsaposnic)

@tnull
Commit to client's node id in bLIP-52/LSPS2 promise
e4aece2 
Previously, the promise HMAC would only commit to the promise secret and
the `OpeningFeeParams` fields, leaving room for other clients to reuse
the same `OpeningFeeParams` in `BuyRequests` if they'd acquire it
somehow out-of-bounds.

While this flexibility also has some benefits, we here have the service
commit to the client's node id, making sure only the original client
can redeem a specific `OpeningFeeParams`.
@tnull tnull requested a review from TheBlueMatt September 2, 2025 07:33
@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Sep 2, 2025
edited
Loading

👋 Thanks for assigning @TheBlueMatt as a reviewer!
I'll wait for their review and will help manage the review process.
Once they submit their review, I'll check if a second reviewer would be helpful.

@tnull tnull mentioned this pull request Sep 2, 2025
Closed
@codecov Codecov
Copy link

codecov bot commented Sep 2, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 88.75%. Comparing base (26639f1) to head (e4aece2).
⚠️ Report is 5 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4040      +/-   ##
==========================================
+ Coverage   88.73%   88.75%   +0.01%     
==========================================
  Files         176      176              
  Lines      129015   129106      +91     
  Branches   129015   129106      +91     
==========================================
+ Hits       114485   114583      +98     
+ Misses      11935    11923      -12     
- Partials     2595     2600       +5
Flag Coverage Δ
fuzzing 22.31% <0.00%> (+0.40%) ⬆️
tests 88.58% <100.00%> (+0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

TheBlueMatt
TheBlueMatt approved these changes Sep 2, 2025
View reviewed changes
Copy link
Collaborator

@TheBlueMatt TheBlueMatt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is trivial so just gonna land it.

@ldk-reviews-bot
Copy link

👋 The first review has been submitted!

Do you think this PR is ready for a second reviewer? If so, click here to assign a second reviewer.

@TheBlueMatt TheBlueMatt merged commit 86c6960 into lightningdevkit:main Sep 2, 2025
25 checks passed
@tnull tnull mentioned this pull request Sep 2, 2025
Merged
@martinsaposnic
Copy link
Contributor

post merge ACK

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TheBlueMatt TheBlueMatt TheBlueMatt approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Clients that know the LSPS2OpeningFeeParams can bypass the token requirement in LSPS2
4 participants
@tnull @ldk-reviews-bot @martinsaposnic @TheBlueMatt