staticaddr: high fee versions of the htlc tx

In this commit we add signings of higher fee
htlc txns. The server requires the client to
sign higher fee versions to cover for high fee
environments where pending transactions take a
long time to confirm.

Author: hieblmi

staticaddr/loopin/actions.go

@@ -31,6 +31,13 @@ const (
 	defaultConfTarget = 3
 )
 
+var (
+	// ErrFeeTooHigh is returned if the server sets a fee rate for the htlc
+	// tx that is too high. We prevent here against a low htlc timeout sweep
+	// amount.
+	ErrFeeTooHigh = errors.New("fee is higher than 20% of sweep value")
+)
+
 // InitHtlcAction is executed if all loop-in information has been validated. We
 // assemble a loop-in request and send it to the server.
 func (f *FSM) InitHtlcAction(_ fsm.EventContext) fsm.EventType {
@@ -132,22 +139,53 @@ func (f *FSM) InitHtlcAction(_ fsm.EventContext) fsm.EventType {
 	}
 
 	f.loopIn.HtlcCltvExpiry = loopInResp.HtlcExpiry
+
+	// Retrieve htlc tx server nonces.
 	f.htlcServerNonces, err = toNonces(loopInResp.HtlcServerNonces)
 	if err != nil {
 		err = fmt.Errorf("unable to convert server nonces: %w", err)
 		return f.HandleError(err)
 	}
+	f.htlcServerNoncesHighFee, err = toNonces(
+		loopInResp.HtlcServerNoncesHighFee,
+	)
+	if err != nil {
+		return f.HandleError(err)
+	}
+	f.htlcServerNoncesExtremelyHighFee, err = toNonces(
+		loopInResp.HtlcServerNoncesExtremelyHighFee,
+	)
+	if err != nil {
+		return f.HandleError(err)
+	}
 
 	// We need to defend against the server setting high fees for the htlc
 	// tx since we might have to sweep the timeout path. We maximally allow
 	// 20% of the swap value to be spent on fees.
-	f.loopIn.HtlcTxFeeRate = chainfee.SatPerKWeight(loopInResp.HtlcFeeRate)
-	fee := f.loopIn.HtlcTxFeeRate.FeeForWeight(f.loopIn.htlcWeight())
+	maxFee := f.loopIn.TotalDepositAmount() / 5
 
-	if fee > f.loopIn.TotalDepositAmount()/5 {
-		return f.HandleError(errors.New("fee is higher than 20% of " +
-			"sweep value"))
+	feeRate := chainfee.SatPerKWeight(loopInResp.HtlcFeeRate)
+	fee := feeRate.FeeForWeight(f.loopIn.htlcWeight())
+	if fee > maxFee {
+		return f.HandleError(ErrFeeTooHigh)
 	}
+	f.loopIn.HtlcTxFeeRate = feeRate
+
+	highFeeRate := chainfee.SatPerKWeight(loopInResp.HighHtlcFeeRate)
+	fee = highFeeRate.FeeForWeight(f.loopIn.htlcWeight())
+	if fee > maxFee {
+		return f.HandleError(ErrFeeTooHigh)
+	}
+	f.loopIn.HtlcTxHighFeeRate = highFeeRate
+
+	extremelyHighFeeRate := chainfee.SatPerKWeight(
+		loopInResp.ExtremelyHighHtlcFeeRate,
+	)
+	fee = extremelyHighFeeRate.FeeForWeight(f.loopIn.htlcWeight())
+	if fee > maxFee {
+		return f.HandleError(ErrFeeTooHigh)
+	}
+	f.loopIn.HtlcTxExtremelyHighFeeRate = extremelyHighFeeRate
 
 	// Derive the sweep address for the htlc timeout sweep tx.
 	sweepAddress, err := f.cfg.WalletKit.NextAddr(
@@ -195,26 +233,51 @@ func (f *FSM) SignHtlcTxAction(_ fsm.EventContext) fsm.EventType {
 		return f.HandleError(err)
 	}
 
-	// Create a musig2 session for each deposit.
+	// Create a musig2 session for each deposit and different htlc tx fee
+	// rates.
 	htlcSessions, clientHtlcNonces, err := f.loopIn.createMusig2Sessions(
 		f.ctx, f.cfg.Signer,
 	)
 	if err != nil {
 		err = fmt.Errorf("unable to create musig2 sessions: %w", err)
 		return f.HandleError(err)
 	}
+	htlcSessionsHighFee, highFeeNonces, err := f.loopIn.createMusig2Sessions(
+		f.ctx, f.cfg.Signer,
+	)
+	if err != nil {
+		return f.HandleError(err)
+	}
+	htlcSessionsExtremelyHighFee, extremelyHighNonces, err := f.loopIn.createMusig2Sessions( //nolint:lll
+		f.ctx, f.cfg.Signer,
+	)
 	if err != nil {
 		err = fmt.Errorf("unable to convert nonces: %w", err)
 		return f.HandleError(err)
 	}
 
-	htlcTx, err := f.loopIn.createHtlcTx(f.cfg.ChainParams)
+	// Create the htlc txns for different fee rates.
+	htlcTx, err := f.loopIn.createHtlcTx(
+		f.cfg.ChainParams, f.loopIn.HtlcTxFeeRate,
+	)
+	if err != nil {
+		return f.HandleError(err)
+	}
+	htlcTxHighFee, err := f.loopIn.createHtlcTx(
+		f.cfg.ChainParams, f.loopIn.HtlcTxHighFeeRate,
+	)
+	if err != nil {
+		return f.HandleError(err)
+	}
+	htlcTxExtremelyHighFee, err := f.loopIn.createHtlcTx(
+		f.cfg.ChainParams, f.loopIn.HtlcTxExtremelyHighFeeRate,
+	)
 	if err != nil {
 		err = fmt.Errorf("unable to create the htlc tx: %w", err)
 		return f.HandleError(err)
 	}
 
-	// Next we'll get our htlc tx signatures.
+	// Next we'll get our htlc tx signatures for different fee rates.
 	htlcSigs, err := f.loopIn.signMusig2Tx(
 		f.ctx, htlcTx, f.cfg.Signer, htlcSessions, f.htlcServerNonces,
 	)
@@ -223,11 +286,30 @@ func (f *FSM) SignHtlcTxAction(_ fsm.EventContext) fsm.EventType {
 		return f.HandleError(err)
 	}
 
+	htlcSigsHighFee, err := f.loopIn.signMusig2Tx(
+		f.ctx, htlcTxHighFee, f.cfg.Signer, htlcSessionsHighFee,
+		f.htlcServerNoncesHighFee,
+	)
+	if err != nil {
+		return f.HandleError(err)
+	}
+	htlcSigsExtremelyHighFee, err := f.loopIn.signMusig2Tx(
+		f.ctx, htlcTxExtremelyHighFee, f.cfg.Signer,
+		htlcSessionsExtremelyHighFee, f.htlcServerNoncesExtremelyHighFee,
+	)
+	if err != nil {
+		return f.HandleError(err)
+	}
+
 	// Push htlc tx sigs to server.
 	pushHtlcReq := &looprpc.PushStaticAddressHtlcSigsRequest{
-		SwapHash:         f.loopIn.SwapHash[:],
-		HtlcClientNonces: clientHtlcNonces,
-		HtlcClientSigs:   htlcSigs,
+		SwapHash:                         f.loopIn.SwapHash[:],
+		HtlcClientNonces:                 clientHtlcNonces,
+		HtlcClientNoncesHighFee:          highFeeNonces,
+		HtlcClientNoncesExtremelyHighFee: extremelyHighNonces,
+		HtlcClientSigs:                   htlcSigs,
+		HtlcClientSigsHighFee:            htlcSigsHighFee,
+		HtlcClientSigsExtremelyHighFee:   htlcSigsExtremelyHighFee,
 	}
 	_, err = f.cfg.Server.PushStaticAddressHtlcSigs(f.ctx, pushHtlcReq)
 	if err != nil {

staticaddr/loopin/fsm.go

@@ -28,6 +28,14 @@ type FSM struct {
 	// htlcServerNonces contains all the nonces that the server generated
 	// for the htlc musig2 sessions.
 	htlcServerNonces [][musig2.PubNonceSize]byte
+
+	// htlcServerNoncesHighFee contains all the high fee nonces that the
+	// server generated for the htlc musig2 sessions.
+	htlcServerNoncesHighFee [][musig2.PubNonceSize]byte
+
+	// htlcServerNoncesExtremelyHighFee contains all the extremely high fee
+	// nonces that the  server generated for the htlc musig2 sessions.
+	htlcServerNoncesExtremelyHighFee [][musig2.PubNonceSize]byte
 }
 
 // NewFSM creates a new loop-in state machine.

staticaddr/loopin/loopin.go

@@ -102,6 +102,14 @@ type StaticAddressLoopIn struct {
 	// HtlcTxFeeRate is the fee rate that is used for the htlc transaction.
 	HtlcTxFeeRate chainfee.SatPerKWeight
 
+	// HtlcTxHighFeeRate is the fee rate that is used for the htlc
+	// transaction.
+	HtlcTxHighFeeRate chainfee.SatPerKWeight
+
+	// HtlcTxExtremelyHighFeeRate is the fee rate that is used for the htlc
+	// transaction.
+	HtlcTxExtremelyHighFeeRate chainfee.SatPerKWeight
+
 	// HtlcTimeoutSweepTxHash is the hash of the htlc timeout sweep tx.
 	HtlcTimeoutSweepTxHash *chainhash.Hash
 
@@ -295,8 +303,8 @@ func (l *StaticAddressLoopIn) signMusig2Tx(ctx context.Context,
 
 // createHtlcTx creates the transaction that spend the deposit outpoints into
 // a htlc outpoint.
-func (l *StaticAddressLoopIn) createHtlcTx(chainParams *chaincfg.Params) (
-	*wire.MsgTx, error) {
+func (l *StaticAddressLoopIn) createHtlcTx(chainParams *chaincfg.Params,
+	feeRate chainfee.SatPerKWeight) (*wire.MsgTx, error) {
 
 	// First Create the tx.
 	msgTx := wire.NewMsgTx(2)
@@ -312,7 +320,7 @@ func (l *StaticAddressLoopIn) createHtlcTx(chainParams *chaincfg.Params) (
 
 	// Calculate htlc tx fee for server provided fee rate.
 	weight := l.htlcWeight()
-	fee := l.HtlcTxFeeRate.FeeForWeight(weight)
+	fee := feeRate.FeeForWeight(weight)
 
 	htlc, err := l.getHtlc(chainParams)
 	if err != nil {
@@ -386,7 +394,7 @@ func (l *StaticAddressLoopIn) createHtlcSweepTx(ctx context.Context,
 		return nil, err
 	}
 
-	htlcTx, err := l.createHtlcTx(network)
+	htlcTx, err := l.createHtlcTx(network, l.HtlcTxFeeRate)
 	if err != nil {
 		return nil, err
 	}

swapserverrpc/server.proto

@@ -776,23 +776,52 @@ message ServerStaticAddressLoopInResponse {
     // htlc will expire and the client is free to claim the funds back.
     int32 htlc_expiry = 2;
 
-    // The nonces that the server used to generate the partial htlc sigs.
+    // The nonces that the server used to generate the partial htlc tx sigs.
     repeated bytes htlc_server_nonces = 3;
 
+    // The nonces that the server used to generate the partial high fee htlc tx
+    // sigs.
+    repeated bytes htlc_server_nonces_high_fee = 4;
+
+    // The nonces that the server used to generate the partial extremely high
+    // fee htlc tx sigs.
+    repeated bytes htlc_server_nonces_extremely_high_fee = 5;
+
     // The fee rate in sat/kw that the server wants to use for the htlc tx.
-    uint64 htlc_fee_rate = 4;
+    uint64 htlc_fee_rate = 6;
+
+    // The high fee rate in sat/kw that the server wants to use for the htlc tx.
+    uint64 high_htlc_fee_rate = 7;
+
+    // The extremely high fee rate in sat/kw that the server wants to use for
+    // the htlc tx.
+    uint64 extremely_high_htlc_fee_rate = 8;
 }
 
 message PushStaticAddressHtlcSigsRequest {
-    // The swap hash of the swap that the client wants to push the htlc sigs
-    // for.
+    // The swap hash that the client wants to push the htlc sigs for.
     bytes swap_hash = 1;
 
     // The nonces that the client used to generate the htlc sigs.
     repeated bytes htlc_client_nonces = 2;
 
-    // The partial htlc sigs that the client generated for the htlc tx.
-    repeated bytes htlc_client_sigs = 3;
+    // The nonces that the client used to generate the partial high fee htlc tx
+    // sigs.
+    repeated bytes htlc_client_nonces_high_fee = 3;
+
+    // The nonces that the client used to generate the partial extremely high
+    // htlc tx sigs.
+    repeated bytes htlc_client_nonces_extremely_high_fee = 4;
+
+    // The musig2 htlc sigs that the client generated for the htlc tx.
+    repeated bytes htlc_client_sigs = 5;
+
+    // The musig2 htlc sigs that the client generated for the high fee htlc tx.
+    repeated bytes htlc_client_sigs_high_fee = 6;
+
+    // The musig2 htlc sigs that the client generated for the extremely high fee
+    // htlc tx.
+    repeated bytes htlc_client_sigs_extremely_high_fee = 7;
 }
 
 message PushStaticAddressHtlcSigsResponse {