Skip to content

Attributable failures #9888

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

Attributable failures #9888

wants to merge 7 commits into from

Conversation

@GeorgeTsagk
Copy link
Collaborator

@GeorgeTsagk GeorgeTsagk commented Jun 2, 2025

Description

Adds support for Attributable failures (feature 36/37). This changes the error encryption and the data encoding for the update_fail_htlc message. We now include the attribution structure in the extra data of the peer message, which helps with assigning blame across the route and also extracting the reported HTLC hold times for each node across the route.

For now we default to using non-strict attribution decryption, which means that we're basically preserving the old behavior in order to give time to nodes to upgrade. Otherwise this could lead to premature blame of our direct peers, possibly blacklisting all of our channels early in the payment lifecycle.

This is based on the lightning-onion PR which is also updated to reflect the latest state of attributable failures Bolt PR.

Testing

Current unit/integration tests seem to be passing, which validates that we are preserving the old behavior.

Todo:

  • Add integration tests that somehow validate the attribution data (maybe via the hold times)
  • Carry out an interoperability test with LDK/Acinq

Even though the todo list above is important to consider this PR ready to merge, this PR at current state is still good for a first round of review.

@GeorgeTsagk GeorgeTsagk self-assigned this Jun 2, 2025
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jun 2, 2025

Important

Review skipped

Auto reviews are limited to specific labels.

🏷️ Labels to auto review (1)
  • llm-review

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@saubyk saubyk added this to the v0.20.0 milestone Jun 2, 2025
@saubyk saubyk added this to lnd v0.20 Jun 2, 2025
@saubyk saubyk moved this to In progress in lnd v0.20 Jun 2, 2025
@joostjager joostjager mentioned this pull request Jun 3, 2025
Open
@GeorgeTsagk
Copy link
Collaborator Author

GeorgeTsagk commented Jun 30, 2025

Bumped lightning-onion and rebased on master

@GeorgeTsagk
Copy link
Collaborator Author

GeorgeTsagk commented Aug 1, 2025

The linter failure is only about the replace in the go.mod, which will have to stay until the dependent lightning-onion PR is merged

go.mod:226:1: replacement are not allowed: github.com/lightningnetwork/lightning-onion (gomoddirectives)
replace github.com/lightningnetwork/lightning-onion => github.com/joostjager/lightning-onion v0.0.0-20250630141312-2898b9c46c4e

@saubyk saubyk modified the milestones: v0.20.0, v0.21.0 Sep 5, 2025
@saubyk saubyk removed this from lnd v0.20 Sep 5, 2025
@ziggie1984
Copy link
Collaborator

ziggie1984 commented Sep 10, 2025

/gemini review

gemini-code-assist[bot]
gemini-code-assist bot reviewed Sep 10, 2025
View reviewed changes
Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces support for attributable failures, which is a significant and complex change to the error handling and encryption logic. The core refactoring to separate shared secret extraction from error encrypter creation is well-executed and improves the design.

I've found a few issues related to the implementation:

  • An incorrect unit calculation for HTLC hold times, which deviates from the BOLT specification.
  • A logic error in handling failures for introduction nodes in a blinded path, where the wrong message type is created and attribution data is discarded.
  • A minor opportunity for code simplification in the new logging logic.

Overall, the changes are well-structured, but the identified issues, particularly the correctness ones, should be addressed. The PR description is clear about the work-in-progress nature, and this review should help in finalizing the implementation.

GeorgeTsagk and others added 7 commits September 12, 2025 13:49
@GeorgeTsagk @joostjager
htlcswitch: return error from all encrypt methods
6609bc0 
Co-authored-by: Joost Jager <[email protected]>
@GeorgeTsagk
(temp)build: bump lightning-onion
404d40c
@GeorgeTsagk @joostjager
tlcswitch: split shared secret extraction and encrypter instantiation
56f4fdf 
Preparation for the instantiation of an attributable error encrypter.
This gets rid of the sphinx encrypter instantiation in OnionProcessor.
This would otherwise be problematic when an attributable encrypter
would need to be created there without having access to the error
structure.

Co-authored-by: Joost Jager <[email protected]>
@GeorgeTsagk
lnwire: add attribution data helpers
662566c 
We add some simple helpers for the purpose of parsing the attribution
data from and to the wire format.
@GeorgeTsagk
htlcswitch+lnwallet: persist UpdateFailHTLC extra data
bf5288e 
When propagating a failure backwards along a route we want to persist
the received ExtraData of the downstream link so that any handling can
occur on our node before returning the updated ExtraData to our upstream
link.
@GeorgeTsagk
htlcswitch+routing: use attributable failures
8f79cf1 
We now call into the new encryption/decryption methods and provide the
received attribution data as an argument. The result is then also
returned to our upstream peer.
@GeorgeTsagk
htlcswitch: remove mock decryptor & sub-case
1fc33bd
@GeorgeTsagk
Copy link
Collaborator Author

GeorgeTsagk commented Sep 12, 2025

Rebased
Reminder: lint fails because of the temporary replace directive in go.mod that points to the lightning-onion PR

@lightninglabs-deploy
Copy link

lightninglabs-deploy commented Oct 31, 2025

@GeorgeTsagk, remember to re-request review from reviewers when ready

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 2 approving reviews are required to merge this pull request.

Assignees

@GeorgeTsagk GeorgeTsagk

Labels

None yet

Projects

None yet

Milestone

v0.21.0

Development

Successfully merging this pull request may close these issues.

4 participants

@GeorgeTsagk @ziggie1984 @lightninglabs-deploy @saubyk