tapcfg+tapchannel: validate incoming channel in invoice mgr

We need to make sure an asset HTLC actually comes through the correct
channel that commits to that asset in the first place.

Author: guggero

tapcfg/server.go

@@ -487,6 +487,7 @@ func genServerConfig(cfg *Config, cfgLogger btclog.Logger,
 			ChainParams:         &tapChainParams,
 			InvoiceHtlcModifier: lndInvoicesClient,
 			RfqManager:          rfqManager,
+			LightningClient:     lndServices.Client,
 		},
 	)
 	auxChanCloser := tapchannel.NewAuxChanCloser(

tapchannel/aux_invoice_manager.go

@@ -2,6 +2,7 @@ package tapchannel
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"sync"
 
@@ -13,6 +14,7 @@ import (
 	"github.com/lightninglabs/taproot-assets/rfqmath"
 	"github.com/lightninglabs/taproot-assets/rfqmsg"
 	"github.com/lightninglabs/taproot-assets/taprpc"
+	"github.com/lightningnetwork/lnd/invoices"
 	"github.com/lightningnetwork/lnd/lnrpc"
 	"github.com/lightningnetwork/lnd/lnwire"
 	"github.com/lightningnetwork/lnd/routing/route"
@@ -77,6 +79,10 @@ type InvoiceManagerConfig struct {
 	// accepted quotes for determining the incoming value of invoice related
 	// HTLCs.
 	RfqManager RfqManager
+
+	// LndClient is the lnd client that will be used to interact with the
+	// lnd node.
+	LightningClient lndclient.LightningClient
 }
 
 // AuxInvoiceManager is a Taproot Asset auxiliary invoice manager that can be
@@ -206,7 +212,7 @@ func (s *AuxInvoiceManager) handleInvoiceAccept(ctx context.Context,
 	}
 
 	// We now run some validation checks on the asset HTLC.
-	err = s.validateAssetHTLC(ctx, htlc)
+	err = s.validateAssetHTLC(ctx, htlc, resp.CircuitKey)
 	if err != nil {
 		log.Errorf("Failed to validate asset HTLC: %v", err)
 
@@ -390,7 +396,7 @@ func isAssetInvoice(invoice *lnrpc.Invoice, rfqLookup RfqLookup) bool {
 
 // validateAssetHTLC runs a couple of checks on the provided asset HTLC.
 func (s *AuxInvoiceManager) validateAssetHTLC(ctx context.Context,
-	htlc *rfqmsg.Htlc) error {
+	htlc *rfqmsg.Htlc, circuitKey invoices.CircuitKey) error {
 
 	rfqID := htlc.RfqID.ValOpt().UnsafeFromSome()
 
@@ -403,6 +409,7 @@ func (s *AuxInvoiceManager) validateAssetHTLC(ctx context.Context,
 
 	// Check for each of the asset balances of the HTLC that the identifier
 	// matches that of the RFQ quote.
+	assetIDs := fn.NewSet[asset.ID]()
 	for _, v := range htlc.Balances() {
 		match, err := s.cfg.RfqManager.AssetMatchesSpecifier(
 			ctx, identifier, v.AssetID.Val,
@@ -415,6 +422,47 @@ func (s *AuxInvoiceManager) validateAssetHTLC(ctx context.Context,
 			return fmt.Errorf("asset ID %s does not match %s",
 				v.AssetID.Val.String(), identifier.String())
 		}
+
+		assetIDs.Add(v.AssetID.Val)
+	}
+
+	// We also need to validate that the HTLC is actually the correct asset
+	// and arrived through the correct asset channel.
+	channels, err := s.cfg.LightningClient.ListChannels(ctx, true, false)
+	if err != nil {
+		return fmt.Errorf("unable to list channels: %w", err)
+	}
+
+	var inboundChannel *lndclient.ChannelInfo
+	for _, channel := range channels {
+		if channel.ChannelID == circuitKey.ChanID.ToUint64() {
+			inboundChannel = &channel
+			break
+		}
+	}
+
+	if inboundChannel == nil {
+		return fmt.Errorf("unable to find channel with short channel "+
+			"ID %d", circuitKey.ChanID.ToUint64())
+	}
+
+	if len(inboundChannel.CustomChannelData) == 0 {
+		return fmt.Errorf("channel %d does not have custom channel "+
+			"data, can't accept asset HTLC over non-asset channel",
+			inboundChannel.ChannelID)
+	}
+
+	var assetData rfqmsg.JsonAssetChannel
+	err = json.Unmarshal(inboundChannel.CustomChannelData, &assetData)
+	if err != nil {
+		return fmt.Errorf("unable to unmarshal channel asset data: %w",
+			err)
+	}
+
+	if !assetData.HasAllAssetIDs(assetIDs) {
+		return fmt.Errorf("channel %d does not have all asset IDs "+
+			"required for HTLC settlement",
+			inboundChannel.ChannelID)
 	}
 
 	return nil

tapchannel/aux_invoice_manager_test.go

@@ -1,8 +1,10 @@
 package tapchannel
 
 import (
+	"bytes"
 	"context"
 	"crypto/sha256"
+	"encoding/json"
 	"fmt"
 	"math/big"
 	"testing"
@@ -298,7 +300,9 @@ func (m *mockHtlcModifierProperty) HtlcModifier(ctx context.Context,
 			}
 		} else {
 			if assetValueMsat != res.AmtPaid {
-				m.t.Errorf("unexpected final asset value")
+				m.t.Errorf("unexpected final asset value, "+
+					"wanted %d, got %d", assetValueMsat,
+					res.AmtPaid)
 			}
 		}
 	}
@@ -309,6 +313,19 @@ func (m *mockHtlcModifierProperty) HtlcModifier(ctx context.Context,
 	return nil
 }
 
+type mockLndClient struct {
+	lndclient.LightningClient
+
+	channels []lndclient.ChannelInfo
+}
+
+// ListChannels retrieves all channels of the backing lnd node.
+func (m *mockLndClient) ListChannels(_ context.Context, _,
+	_ bool) ([]lndclient.ChannelInfo, error) {
+
+	return m.channels, nil
+}
+
 // TestAuxInvoiceManager tests that the htlc modifications of the aux invoice
 // manager align with our expectations.
 func TestAuxInvoiceManager(t *testing.T) {
@@ -609,6 +626,7 @@ func TestAuxInvoiceManager(t *testing.T) {
 			peerBuyQuotes:   testCase.buyQuotes,
 			localSellQuotes: testCase.sellQuotes,
 		}
+		mockLnd := &mockLndClient{}
 
 		done := make(chan bool)
 
@@ -626,6 +644,7 @@ func TestAuxInvoiceManager(t *testing.T) {
 				ChainParams:         testChainParams,
 				InvoiceHtlcModifier: mockModifier,
 				RfqManager:          mockRfq,
+				LightningClient:     mockLnd,
 			},
 		)
 
@@ -800,13 +819,12 @@ func genRequest(t *rapid.T) (lndclient.InvoiceHtlcModifyRequest, uint64,
 // genRequests generates a random array of requests to be processed by the
 // AuxInvoiceManager. It also returns the rfq map with the related rfq quotes.
 func genRequests(t *rapid.T) ([]lndclient.InvoiceHtlcModifyRequest,
-	rfq.BuyAcceptMap) {
+	rfq.BuyAcceptMap, []lndclient.ChannelInfo) {
 
 	rfqMap := rfq.BuyAcceptMap{}
 
 	numRequests := rapid.IntRange(1, 5).Draw(t, "requestsLen")
-	requests := make([]lndclient.InvoiceHtlcModifyRequest, 0)
-
+	var requests []lndclient.InvoiceHtlcModifyRequest
 	for range numRequests {
 		req, numAssets, assetID, scid := genRequest(t)
 		requests = append(requests, req)
@@ -819,7 +837,37 @@ func genRequests(t *rapid.T) ([]lndclient.InvoiceHtlcModifyRequest,
 		genBuyQuotes(t, rfqMap, numAssets, quoteAmt, assetID, scid)
 	}
 
-	return requests, rfqMap
+	channels := make([]lndclient.ChannelInfo, len(requests))
+	for i, req := range requests {
+		var (
+			buf           bytes.Buffer
+			htlc          rfqmsg.Htlc
+			jsonAssetChan rfqmsg.JsonAssetChannel
+		)
+		err := req.WireCustomRecords.SerializeTo(&buf)
+		require.NoError(t, err)
+
+		err = htlc.Decode(&buf)
+		require.NoError(t, err)
+
+		jsonAssetChan.FundingAssets = make(
+			[]rfqmsg.JsonAssetUtxo, len(htlc.Balances()),
+		)
+		for idx, balance := range htlc.Balances() {
+			fundingAsset := &jsonAssetChan.FundingAssets[idx]
+			fundingAssetGen := &fundingAsset.AssetGenesis
+			fundingAssetGen.AssetID = balance.AssetID.Val.String()
+		}
+
+		jsonChan, err := json.Marshal(jsonAssetChan)
+		require.NoError(t, err)
+		channels[i] = lndclient.ChannelInfo{
+			ChannelID:         req.CircuitKey.ChanID.ToUint64(),
+			CustomChannelData: jsonChan,
+		}
+	}
+
+	return requests, rfqMap, channels
 }
 
 // genRandomVertex generates a route.Vertex instance filled with random bytes.
@@ -898,11 +946,14 @@ func genBuyQuotes(t *rapid.T, rfqMap rfq.BuyAcceptMap, units, amtMsat uint64,
 // testInvoiceManager creates an array of requests to be processed by the
 // AuxInvoiceManager. Uses the enhanced HtlcModifierMockProperty instance.
 func testInvoiceManager(t *rapid.T) {
-	requests, rfqMap := genRequests(t)
+	requests, rfqMap, channels := genRequests(t)
 
 	mockRfq := &mockRfqManager{
 		peerBuyQuotes: rfqMap,
 	}
+	mockLnd := &mockLndClient{
+		channels: channels,
+	}
 
 	done := make(chan bool)
 
@@ -913,13 +964,12 @@ func testInvoiceManager(t *rapid.T) {
 		t:          t,
 	}
 
-	manager := NewAuxInvoiceManager(
-		&InvoiceManagerConfig{
-			ChainParams:         testChainParams,
-			InvoiceHtlcModifier: mockModifier,
-			RfqManager:          mockRfq,
-		},
-	)
+	manager := NewAuxInvoiceManager(&InvoiceManagerConfig{
+		ChainParams:         testChainParams,
+		InvoiceHtlcModifier: mockModifier,
+		RfqManager:          mockRfq,
+		LightningClient:     mockLnd,
+	})
 
 	err := manager.Start()
 	require.NoError(t, err)