multi: add channel acceptor, enforce max HTLC limit

Author: guggero

go.mod

@@ -26,9 +26,9 @@ require (
 	github.com/lib/pq v1.10.9
 	github.com/lightninglabs/aperture v0.3.2-beta.0.20240919071136-db27bb9a78bd
 	github.com/lightninglabs/lightning-node-connect/hashmailrpc v1.0.2
-	github.com/lightninglabs/lndclient v1.0.1-0.20240920110952-ac3012686ab5
+	github.com/lightninglabs/lndclient v1.0.1-0.20240920113744-6c0e26f97430
 	github.com/lightninglabs/neutrino/cache v1.1.2
-	github.com/lightningnetwork/lnd v0.18.0-beta.rc4.0.20240919095711-611852fd34b1
+	github.com/lightningnetwork/lnd v0.18.0-beta.rc4.0.20240920093603-53cea846b417
 	github.com/lightningnetwork/lnd/cert v1.2.2
 	github.com/lightningnetwork/lnd/clock v1.1.1
 	github.com/lightningnetwork/lnd/fn v1.2.1
@@ -207,8 +207,3 @@ require (
 // We want to format raw bytes as hex instead of base64. The forked version
 // allows us to specify that as an option.
 replace google.golang.org/protobuf => github.com/lightninglabs/protobuf-go-hex-display v1.30.0-hex-display
-
-// We need this replace until the final custom channel PR (part5) is merged and
-// the lnd-18-4 branch of `lndclient` points to that. Otherwise go mod tidy will
-// revert the version to what `lndclient` has in its go.mod file.
-replace github.com/lightningnetwork/lnd => github.com/lightningnetwork/lnd v0.18.0-beta.rc4.0.20240919124701-168e301ccfdc

go.sum

@@ -483,8 +483,8 @@ github.com/lightninglabs/lightning-node-connect v0.2.5-alpha h1:ZRVChwczFXK0CEbx
 github.com/lightninglabs/lightning-node-connect v0.2.5-alpha/go.mod h1:A9Pof9fETkH+F67BnOmrBDThPKstqp73wlImWOZvTXQ=
 github.com/lightninglabs/lightning-node-connect/hashmailrpc v1.0.2 h1:Er1miPZD2XZwcfE4xoS5AILqP1mj7kqnhbBSxW9BDxY=
 github.com/lightninglabs/lightning-node-connect/hashmailrpc v1.0.2/go.mod h1:antQGRDRJiuyQF6l+k6NECCSImgCpwaZapATth2Chv4=
-github.com/lightninglabs/lndclient v1.0.1-0.20240920110952-ac3012686ab5 h1:ZKJtS00m+Wol/1ghFWkmcpYpQHrMl7k67cIYMzINRPo=
-github.com/lightninglabs/lndclient v1.0.1-0.20240920110952-ac3012686ab5/go.mod h1:WGJkH/qCE2pvkCW+P5Hvw4D48E7Ay4fUQ+QV3ZtMO7Q=
+github.com/lightninglabs/lndclient v1.0.1-0.20240920113744-6c0e26f97430 h1:WPdK83o1B/dj8mWAvMuBlY0/vsOwwvayAwtzeV0BjI8=
+github.com/lightninglabs/lndclient v1.0.1-0.20240920113744-6c0e26f97430/go.mod h1:fLzkN+f1Mt0h2QgRrUtFq25jNrHFLwSl4W2iG9yqT0I=
 github.com/lightninglabs/neutrino v0.16.1-0.20240425105051-602843d34ffd h1:D8aRocHpoCv43hL8egXEMYyPmyOiefFHZ66338KQB2s=
 github.com/lightninglabs/neutrino v0.16.1-0.20240425105051-602843d34ffd/go.mod h1:x3OmY2wsA18+Kc3TSV2QpSUewOCiscw2mKpXgZv2kZk=
 github.com/lightninglabs/neutrino/cache v1.1.2 h1:C9DY/DAPaPxbFC+xNNEI/z1SJY9GS3shmlu5hIQ798g=
@@ -495,6 +495,7 @@ github.com/lightningnetwork/lightning-onion v1.2.1-0.20240712235311-98bd56499dfb
 github.com/lightningnetwork/lightning-onion v1.2.1-0.20240712235311-98bd56499dfb/go.mod h1:c0kvRShutpj3l6B9WtTsNTBUtjSmjZXbJd9ZBRQOSKI=
 github.com/lightningnetwork/lnd v0.18.0-beta.rc4.0.20240919124701-168e301ccfdc h1:PQhnYsHrozS/Wrf26WpjgjYqJkRSsFUmkt3z6F0tT2o=
 github.com/lightningnetwork/lnd v0.18.0-beta.rc4.0.20240919124701-168e301ccfdc/go.mod h1:Y4sP4cQS+V8IpDn6hD6zEyX3dkIwUqLkCPtHfXNaVY0=
+github.com/lightningnetwork/lnd v0.18.0-beta.rc4.0.20240920093603-53cea846b417/go.mod h1:Y4sP4cQS+V8IpDn6hD6zEyX3dkIwUqLkCPtHfXNaVY0=
 github.com/lightningnetwork/lnd/cert v1.2.2 h1:71YK6hogeJtxSxw2teq3eGeuy4rHGKcFf0d0Uy4qBjI=
 github.com/lightningnetwork/lnd/cert v1.2.2/go.mod h1:jQmFn/Ez4zhDgq2hnYSw8r35bqGVxViXhX6Cd7HXM6U=
 github.com/lightningnetwork/lnd/clock v1.1.1 h1:OfR3/zcJd2RhH0RU+zX/77c0ZiOnIMsDIBjgjWdZgA0=

psbt_channel_funder.go

@@ -144,6 +144,16 @@ func (l *LndPbstChannelFunder) OpenChannel(ctx context.Context,
 	}
 }
 
+// ChannelAcceptor is used to accept and potentially influence parameters of
+// incoming channels.
+func (l *LndPbstChannelFunder) ChannelAcceptor(ctx context.Context,
+	acceptor lndclient.AcceptorFunction) (chan error, error) {
+
+	return l.lnd.Client.ChannelAcceptor(
+		ctx, tapchannel.DefaultTimeout/2, acceptor,
+	)
+}
+
 // A compile-time check to ensure that LndPbstChannelFunder fully implements
 // the tapchannel.PsbtChannelFunder interface.
 var _ tapchannel.PsbtChannelFunder = (*LndPbstChannelFunder)(nil)

tapcfg/server.go

@@ -451,6 +451,7 @@ func genServerConfig(cfg *Config, cfgLogger btclog.Logger,
 			DefaultCourierAddr: proofCourierAddr,
 			AssetSyncer:        addrBook,
 			FeatureBits:        lndFeatureBitsVerifier,
+			ErrChan:            mainErrChan,
 		},
 	)
 	auxTrafficShaper := tapchannel.NewAuxTrafficShaper(

tapchannel/aux_funding_controller.go

@@ -20,6 +20,7 @@ import (
 	"github.com/btcsuite/btcd/chaincfg/chainhash"
 	"github.com/btcsuite/btcd/wire"
 	"github.com/davecgh/go-spew/spew"
+	"github.com/lightninglabs/lndclient"
 	"github.com/lightninglabs/taproot-assets/address"
 	"github.com/lightninglabs/taproot-assets/asset"
 	"github.com/lightninglabs/taproot-assets/commitment"
@@ -51,6 +52,28 @@ const (
 	// ackTimeout is the amount of time we'll wait to receive the protocol
 	// level ACK from the remote party before timing out.
 	ackTimeout = time.Second * 30
+
+	// maxNumAssetIDs is the maximum number of fungible asset pieces (asset
+	// IDs) that can be committed to a single channel. The number needs to
+	// be limited to prevent the number of required HTLC signatures to be
+	// too large for a single CommitSig wire message to carry them. This
+	// value is tightly coupled with the number of HTLCs that can be added
+	// to a channel at the same time (maxNumHTLCs). The values were
+	// determined with the TestMaxCommitSigMsgSize test in
+	// aux_leaf_signer_test.go then a set was chosen that would allow for
+	// a decent number of HTLCs (and also a number that is divisible by two
+	// because each side will only be allowed to add half of the total).
+	maxNumAssetIDs = 3
+
+	// maxNumHTLCs is the maximum number of HTLCs there can be in an asset
+	// channel to avoid the number of signatures exceeding the maximum
+	// message size of a CommitSig message. See maxNumAssetIDs for more
+	// information.
+	maxNumHTLCs = 166
+
+	// maxNumHTLCsPerParty is the maximum number of HTLCs that can be added
+	// by a single party to a channel.
+	maxNumHTLCsPerParty = maxNumHTLCs / 2
 )
 
 // ErrorReporter is used to report an error back to the caller and/or peer that
@@ -137,6 +160,11 @@ type PsbtChannelFunder interface {
 	// process. Afterward, the funding transaction should be signed and
 	// broadcast.
 	OpenChannel(context.Context, OpenChanReq) (AssetChanIntent, error)
+
+	// ChannelAcceptor is used to accept and potentially influence
+	// parameters of incoming channels.
+	ChannelAcceptor(ctx context.Context,
+		acceptor lndclient.AcceptorFunction) (chan error, error)
 }
 
 // TxPublisher is an interface used to publish transactions.
@@ -221,6 +249,9 @@ type FundingControllerCfg struct {
 	// FeatureBits is used to verify that the peer has the required feature
 	// to fund asset channels.
 	FeatureBits FeatureBitVerifer
+
+	// ErrChan is used to report errors back to the main server.
+	ErrChan chan<- error
 }
 
 // bindFundingReq is a request to bind a pending channel ID to a complete aux
@@ -297,6 +328,36 @@ func (f *FundingController) Start() error {
 	f.Wg.Add(1)
 	go f.chanFunder()
 
+	f.Wg.Add(1)
+	go func() {
+		defer f.Wg.Done()
+
+		ctx, cancel := f.WithCtxQuitNoTimeout()
+		defer cancel()
+
+		errChan, err := f.cfg.ChannelFunder.ChannelAcceptor(
+			ctx, f.channelAcceptor,
+		)
+		if err != nil {
+			err = fmt.Errorf("unable to start channel acceptor: %w",
+				err)
+			f.cfg.ErrChan <- err
+			return
+		}
+
+		// We'll accept channels for as long as the funding controller
+		// is running or until we receive an error.
+		select {
+		case err := <-errChan:
+			err = fmt.Errorf("channel acceptor error: %w", err)
+			f.cfg.ErrChan <- err
+
+		case <-f.Quit:
+			log.Infof("Stopping channel acceptor, funding " +
+				"controller shutting down")
+		}
+	}()
+
 	return nil
 }
 
@@ -1007,10 +1068,11 @@ func (f *FundingController) completeChannelFunding(ctx context.Context,
 	// Now that we have the initial PSBT template, we can start the funding
 	// flow with lnd.
 	fundingReq := OpenChanReq{
-		ChanAmt: 100_000,
-		PushAmt: fundingState.pushAmt,
-		PeerPub: fundingState.peerPub,
-		TempPID: fundingState.pid,
+		ChanAmt:       100_000,
+		PushAmt:       fundingState.pushAmt,
+		PeerPub:       fundingState.peerPub,
+		TempPID:       fundingState.pid,
+		RemoteMaxHtlc: maxNumHTLCsPerParty,
 	}
 	assetChanIntent, err := f.cfg.ChannelFunder.OpenChannel(ctx, fundingReq)
 	if err != nil {
@@ -1669,6 +1731,42 @@ func (f *FundingController) chanFunder() {
 	}
 }
 
+// channelAcceptor is a callback that's called by the lnd client when a new
+// channel is proposed. This function is responsible for deciding whether to
+// accept the channel based on the channel parameters, and to also set some
+// channel parameters for our own side.
+func (f *FundingController) channelAcceptor(_ context.Context,
+	req *lndclient.AcceptorRequest) (*lndclient.AcceptorResponse, error) {
+
+	// Avoid nil pointer dereference.
+	if req.CommitmentType == nil {
+		return nil, fmt.Errorf("commitment type is required")
+	}
+
+	// Ignore any non-asset channels, just accept them.
+	if *req.CommitmentType != lnwallet.CommitmentTypeSimpleTaprootOverlay {
+		return &lndclient.AcceptorResponse{
+			Accept: true,
+		}, nil
+	}
+
+	// Reject custom channels that don't observe the max HTLC limit.
+	if req.MaxAcceptedHtlcs != maxNumHTLCsPerParty {
+		return &lndclient.AcceptorResponse{
+			Accept: false,
+			Error: fmt.Sprintf("max accepted HTLCs must be 123, "+
+				"got %d", req.MaxAcceptedHtlcs),
+		}, nil
+	}
+
+	// Everything looks good, we can now set our own max HTLC limit we'll
+	// observe for this channel.
+	return &lndclient.AcceptorResponse{
+		Accept:       true,
+		MaxHtlcCount: maxNumHTLCsPerParty,
+	}, nil
+}
+
 // validateProofs validates the inclusion/exclusion/split proofs and the
 // transfer witness of the given proofs.
 func (f *FundingController) validateProofs(proofs []*proof.Proof) error {