Instead of some functions operating with hex strings,
and others using bytes, this consolidates most things to use bytes.
This mainly focuses on bitcoin.py and transaction.py,
and then adapts the API usages in other files.
Notably,
- scripts,
- pubkeys,
- signatures
should be bytes in almost all places now.
This gives more time for the client to come back online.
see https://github.com/spesmilo/electrum/issues/8940
- re note on submarine_swaps.py#L53:
lnpeer.Peer.maybe_fulfill_htlc only checks against MIN_FINAL_CLTV_DELTA_ACCEPTED(=144),
so this increased cltv_delta is not enforced when receiving the htlc on ln.
It is put in the invoice, so the sender is supposed to honour it ofc.
It would be nice to enforce it (make the check in maybe_fulfill_htlc dependent on
what was in the invoice).
- all forwarding types use the same flow
- forwarding callback returns a htlc_key or None
- forwarding info is persisted in lnworker:
- ongoing_forwardings
- downstream to upstream htlc_key
- htlc_key -> error_bytes
where the user has the preimage.
The CLTV requirements between old and new flow are imcompatible.
With the current locktime value, the server was vulnerable to an
attack where the client does not settle the lightning payment
and claims a refund. In order to support both old and new flows,
one would need to use different locktimes.
cancel_normal_swap unregisters the hold invoice, which can occur before register_hold_invoice in wait_for_htlcs_and_broadcast
if the network call has not returned yet.
Somewhat a follow-up to 649ce979ab.
This adds some safety belts so we don't accidentally sign a tx that
contains a dummy address.
Specifically we check that tx does not contain output for dummy addr:
- in wallet.sign_transaction
- in network.broadcast_transaction
The second one is perhaps redundant, but I think it does not hurt.
Note that HTLCs must not be cancelled after the funding transaction
has been broadcast. If one want to cancel a swap once the funding
transaction is in mempool, one should double spend the transaction.
Besides a literal value, the default can now also be a callable,
which gets called with the config and evaluated as needed, lazily.
This potentially allows e.g. the default value of one configvar to
depend on the current value of another configvar.
- client requests payment_hash from the server
- client sends an invoice with that hash
- client waits to receive HTLCs, then broadcasts funding tx
This means that we now use same script for normal and reverse swaps.
The new flow is enabled by setting option LIGHTNING_SWAP_HTLC_FIRST
in the client. The old protocol is still supported server-side.
- rename trampoline_forwardings -> final_onion_forwardings,
because this dict is used for both trampoline and hold invoices
- remove timeout from hold_invoice_callbacks (redundant with invoice)
- add test_failure boolean parameter to TestPeer._test_simple_payment,
in order to test correct propagation of OnionRoutingFailures.
- maybe_fulfill_htlc: raise an OnionRoutingFailure if we do not have
the preimage for a payment that does not have a hold invoice callback.
Without this, the above unit tests stall when we use test_failure=True
ThomasV
SomberNight
MrNaif2018
Sander van Grieken