Add force-close inbound HTLC on fee spikes detection

Author: Antoine Riard

lightning/src/chain/channelmonitor.rs

@@ -40,7 +40,7 @@ use ln::chan_utils::{CounterpartyCommitmentSecrets, HTLCOutputInCommitment, HTLC
 use ln::channelmanager::HTLCSource;
 use chain;
 use chain::{BestBlock, WatchedOutput};
-use chain::chaininterface::{BroadcasterInterface, FeeEstimator};
+use chain::chaininterface::{BroadcasterInterface, ConfirmationTarget, FeeEstimator};
 use chain::transaction::{OutPoint, TransactionData};
 use chain::keysinterface::{SpendableOutputDescriptor, StaticPaymentOutputDescriptor, DelayedPaymentOutputDescriptor, Sign, KeysInterface};
 use chain::onchaintx::OnchainTxHandler;
@@ -701,6 +701,8 @@ pub(crate) struct ChannelMonitorImpl<Signer: Sign> {
 	/// spending CSV for revocable outputs).
 	htlcs_resolved_on_chain: Vec<IrrevocablyResolvedHTLC>,
 
+	spikes_force_close_rate: u32,
+
 	// We simply modify best_block in Channel's block_connected so that serialization is
 	// consistent but hopefully the users' copy handles block_connected in a consistent way.
 	// (we do *not*, however, update them in update_monitor to ensure any local user copies keep
@@ -935,6 +937,7 @@ impl<Signer: Sign> Writeable for ChannelMonitorImpl<Signer> {
 			(1, self.funding_spend_confirmed, option),
 			(3, self.htlcs_resolved_on_chain, vec_type),
 			(5, self.pending_monitor_events, vec_type),
+			(7, self.spikes_force_close_rate, required),
 		});
 
 		Ok(())
@@ -948,7 +951,8 @@ impl<Signer: Sign> ChannelMonitor<Signer> {
 	                  funding_redeemscript: Script, channel_value_satoshis: u64,
 	                  commitment_transaction_number_obscure_factor: u64,
 	                  initial_holder_commitment_tx: HolderCommitmentTransaction,
-	                  best_block: BestBlock) -> ChannelMonitor<Signer> {
+	                  best_block: BestBlock,
+			  spikes_force_close_rate: u32) -> ChannelMonitor<Signer> {
 
 		assert!(commitment_transaction_number_obscure_factor <= (1 << 48));
 		let payment_key_hash = WPubkeyHash::hash(&keys.pubkeys().payment_point.serialize());
@@ -1036,6 +1040,8 @@ impl<Signer: Sign> ChannelMonitor<Signer> {
 				funding_spend_confirmed: None,
 				htlcs_resolved_on_chain: Vec::new(),
 
+				spikes_force_close_rate,
+
 				best_block,
 
 				secp_ctx,
@@ -2431,7 +2437,7 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 		log_trace!(logger, "Processing {} matched transactions for block at height {}.", txn_matched.len(), conf_height);
 		debug_assert!(self.best_block.height() >= conf_height);
 
-		let should_broadcast = self.should_broadcast_holder_commitment_txn(logger);
+		let should_broadcast = self.should_broadcast_holder_commitment_txn(if self.should_force_close_fee_spikes(fee_estimator, self.current_holder_commitment_tx.feerate_per_kw) { true } else { false }, logger);
 		if should_broadcast {
 			let funding_outp = HolderFundingOutput::build(self.funding_redeemscript.clone());
 			let commitment_package = PackageTemplate::build_package(self.funding_info.0.txid.clone(), self.funding_info.0.index as u32, PackageSolvingData::HolderFundingOutput(funding_outp), self.best_block.height(), false, self.best_block.height());
@@ -2622,7 +2628,18 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 		false
 	}
 
-	fn should_broadcast_holder_commitment_txn<L: Deref>(&self, logger: &L) -> bool where L::Target: Logger {
+	fn should_force_close_fee_spikes<F: Deref>(&self, fee_estimator: &F, current_feerate: u32) -> bool where F::Target: FeeEstimator {
+
+		let new_feerate = fee_estimator.get_est_sat_per_1000_weight(ConfirmationTarget::Normal);
+		// Verify the new feerate is at least superior by 30% of current feerate before to start
+		// a autoclose timer.
+		if new_feerate < current_feerate * self.spikes_force_close_rate / 1000 {
+			return true;
+		}
+		false
+	}
+
+	fn should_broadcast_holder_commitment_txn<L: Deref>(&self, spikes_force_close: bool, logger: &L) -> bool where L::Target: Logger {
 		// We need to consider all HTLCs which are:
 		//  * in any unrevoked counterparty commitment transaction, as they could broadcast said
 		//    transactions and we'd end up in a race, or
@@ -2662,7 +2679,7 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 					//  with CHECK_CLTV_EXPIRY_SANITY_2.
 					let htlc_outbound = $holder_tx == htlc.offered;
 					if ( htlc_outbound && htlc.cltv_expiry + LATENCY_GRACE_PERIOD_BLOCKS <= height) ||
-					   (!htlc_outbound && htlc.cltv_expiry <= height + CLTV_CLAIM_BUFFER && self.payment_preimages.contains_key(&htlc.payment_hash)) {
+					   ((!htlc_outbound && (htlc.cltv_expiry <= height + CLTV_CLAIM_BUFFER || spikes_force_close)) && self.payment_preimages.contains_key(&htlc.payment_hash)) { //TODO: don't force-close if dust satoshis
 						log_info!(logger, "Force-closing channel due to {} HTLC timeout, HTLC expiry is {}", if htlc_outbound { "outbound" } else { "inbound "}, htlc.cltv_expiry);
 						return true;
 					}
@@ -3206,10 +3223,12 @@ impl<'a, Signer: Sign, K: KeysInterface<Signer = Signer>> ReadableArgs<&'a K>
 
 		let mut funding_spend_confirmed = None;
 		let mut htlcs_resolved_on_chain = Some(Vec::new());
+		let mut spikes_force_close_rate = 0;
 		read_tlv_fields!(reader, {
 			(1, funding_spend_confirmed, option),
 			(3, htlcs_resolved_on_chain, vec_type),
 			(5, pending_monitor_events, vec_type),
+			(7, spikes_force_close_rate, required),
 		});
 
 		let mut secp_ctx = Secp256k1::new();
@@ -3262,6 +3281,8 @@ impl<'a, Signer: Sign, K: KeysInterface<Signer = Signer>> ReadableArgs<&'a K>
 				funding_spend_confirmed,
 				htlcs_resolved_on_chain: htlcs_resolved_on_chain.unwrap(),
 
+				spikes_force_close_rate,
+
 				best_block,
 
 				secp_ctx,
@@ -3392,7 +3413,8 @@ mod tests {
 		                                  (OutPoint { txid: Txid::from_slice(&[43; 32]).unwrap(), index: 0 }, Script::new()),
 		                                  &channel_parameters,
 		                                  Script::new(), 46, 0,
-		                                  HolderCommitmentTransaction::dummy(), best_block);
+		                                  HolderCommitmentTransaction::dummy(), best_block,
+						  1300);
 
 		monitor.provide_latest_holder_commitment_tx(HolderCommitmentTransaction::dummy(), preimages_to_holder_htlcs!(preimages[0..10])).unwrap();
 		let dummy_txid = dummy_tx.txid();

lightning/src/ln/channel.rs

@@ -1896,7 +1896,8 @@ impl<Signer: Sign> Channel<Signer> {
 		                                          &self.channel_transaction_parameters,
 		                                          funding_redeemscript.clone(), self.channel_value_satoshis,
 		                                          obscure_factor,
-		                                          holder_commitment_tx, best_block);
+		                                          holder_commitment_tx, best_block,
+							  self.config.spikes_force_close_rate);
 
 		channel_monitor.provide_latest_counterparty_commitment_tx(counterparty_initial_commitment_txid, Vec::new(), self.cur_counterparty_commitment_transaction_number, self.counterparty_cur_commitment_point.unwrap(), logger);
 
@@ -1973,7 +1974,8 @@ impl<Signer: Sign> Channel<Signer> {
 		                                          &self.channel_transaction_parameters,
 		                                          funding_redeemscript.clone(), self.channel_value_satoshis,
 		                                          obscure_factor,
-		                                          holder_commitment_tx, best_block);
+		                                          holder_commitment_tx, best_block,
+							  self.config.spikes_force_close_rate);
 
 		channel_monitor.provide_latest_counterparty_commitment_tx(counterparty_initial_bitcoin_tx.txid, Vec::new(), self.cur_counterparty_commitment_transaction_number, self.counterparty_cur_commitment_point.unwrap(), logger);
 

lightning/src/util/config.rs

@@ -246,6 +246,13 @@ pub struct ChannelConfig {
 	/// [`Normal`]: crate::chain::chaininterface::ConfirmationTarget::Normal
 	/// [`Background`]: crate::chain::chaininterface::ConfirmationTarget::Background
 	pub force_close_avoidance_max_fee_satoshis: u64,
+	/// When we detect a fee spikes and receive a block, we force-close immediately channel
+	/// with pending non-dust inbound HTLCs, of which the preimage is known.
+	///
+	/// To disable the force-close on fee spikes mechanism, select 0 as a rate.
+	///
+	/// Default value: 30%
+	pub spikes_force_close_rate: u32,
 }
 
 impl Default for ChannelConfig {
@@ -259,6 +266,7 @@ impl Default for ChannelConfig {
 			commit_upfront_shutdown_pubkey: true,
 			max_dust_htlc_exposure_msat: 5_000_000,
 			force_close_avoidance_max_fee_satoshis: 1000,
+			spikes_force_close_rate: 1300,
 		}
 	}
 }
@@ -269,6 +277,7 @@ impl_writeable_tlv_based!(ChannelConfig, {
 	(2, cltv_expiry_delta, required),
 	(3, force_close_avoidance_max_fee_satoshis, (default_value, 1000)),
 	(4, announced_channel, required),
+	(5, spikes_force_close_rate, (default_value, 1300)),
 	(6, commit_upfront_shutdown_pubkey, required),
 	(8, forwarding_fee_base_msat, required),
 });