Bump transaction event handler fixups #2393
Conversation
Codecov ReportPatch coverage:
❗ Your organization is not using the GitHub App Integration. As a result you may experience degraded service beginning May 15th. Please install the Github App Integration for your organization. Read more. Additional details and impacted files@@ Coverage Diff @@
## main #2393 +/- ##
==========================================
- Coverage 90.30% 90.26% -0.05%
==========================================
Files 106 106
Lines 55175 55188 +13
Branches 55175 55188 +13
==========================================
- Hits 49828 49816 -12
- Misses 5347 5372 +25
☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Thanks! CI break is due to doc links, this diff should fix it:
diff --git a/lightning/src/events/bump_transaction.rs b/lightning/src/events/bump_transaction.rs
index fd2e9b93..efeec55c 100644
--- a/lightning/src/events/bump_transaction.rs
+++ b/lightning/src/events/bump_transaction.rs
@@ -238,8 +238,8 @@ pub enum BumpTransactionEvent {
/// child anchor transaction. To sign its anchor input, an [`InMemorySigner`] should be
/// re-derived through [`KeysManager::derive_channel_keys`] with the help of
- /// [`AnchorDescriptor::channel_keys_id`] and [`AnchorDescriptor::channel_value_satoshis`]. The
- /// anchor input signature can be computed with [`EcdsaChannelSigner::sign_holder_anchor_input`],
- /// which can then be provided to [`build_anchor_input_witness`] along with the `funding_pubkey`
- /// to obtain the full witness required to spend.
+ /// [`AnchorDescriptor::channel_derivation_parameters`]. The anchor input signature can be
+ /// computed with [`EcdsaChannelSigner::sign_holder_anchor_input`], which can then be provided
+ /// to [`build_anchor_input_witness`] along with the `funding_pubkey` to obtain the full
+ /// witness required to spend.
///
/// It is possible to receive more than one instance of this event if a valid child anchor
@@ -614,4 +614,6 @@ impl<W: Deref> CoinSelectionSource for Wallet<W> where W::Target: WalletSource {
/// [`CoinSelectionSource`] to fee bump transactions via Child-Pays-For-Parent (CPFP) or
/// Replace-By-Fee (RBF).
+///
+/// [`Event::BumpTransaction`]: crate::events::Event::BumpTransaction
pub struct BumpTransactionEventHandler<B: Deref, C: Deref, SP: Deref, L: Deref>
where
@@ -636,4 +638,6 @@ where
{
/// Returns a new instance capable of handling [`Event::BumpTransaction`] events.
+ ///
+ /// [`Event::BumpTransaction`]: crate::events::Event::BumpTransaction
pub fn new(broadcaster: B, utxo_source: C, signer_provider: SP, logger: L) -> Self {
Self {
There was a problem hiding this comment.
I'm unfortunately still struggling to use BDK's TxBuilder to implement CoinSelectionSource::select_confirmed_utxos.
- If I'm not overlooking something BDK's interface doesn't allow me to filter the selected UTXOs to only include confirmed outputs, see Expose way to select only (n-)confirmed UTXOs for TX creation bitcoindevkit/bdk#1029.
- I'm trying to add the
must_spend: &[Input]given byCoinSelectionSource::select_confirmed_utxosviaTxBuilder::add_foreign_utxo, which however takes apsbt::Inputthat IIUC in turn requires me to at least supply the previousTxOutthe input is spending from, possibly also the fullTransactionif we want to include thenon_witness_utxo, which BDK's signer requires by default. Would be nice to have them included inbump_transaction::Input.
For now, I'll probably have to stick with using WalletSource (cf. lightningdevkit/ldk-node#105)
wpaulino
force-pushed
the
bump-transaction-event-handler-fixups
branch
from
04e916f
to
e413165
Compare
Providing the full transaction will be a bit tricky for HTLCs, better to leave it as a follow-up and not block the release on it. For now, at least the spending |
There was a problem hiding this comment.
I wonder if a smarter move in term of codebase interfaces wouldn’t be to have the AnchorDescriptor here specified as real output descriptors, and therefore from the LDK-side we put the burden on downstream projects like ldk-node for the compatibility.
Specifying the descriptors make it easier to have them compatible with other LDK downstream projects like VLS, or LDK-based server nodes. Descriptors are nice as they start to be integrated with hardware wallets descriptors.
| /// The transaction input's outpoint corresponding to the commitment transaction's anchor | ||
| /// output. | ||
| pub outpoint: OutPoint, | ||
| } | ||
|
|
||
| impl AnchorDescriptor { |
There was a problem hiding this comment.
If we can update the AnchorDescriptor document to say its a “custom LDK” descriptor and not an output descriptors as documented in https://github.com/bitcoin/bitcoin/blob/master/doc/descriptors.md. All the *Descriptor in lightning/src/sign/mod.rs are coming in an inspiration from the Core’s descriptor. When we introduced *Descriptor in rust-lightning, I think I discussed with the Core’s side to have the lightning scripts standardized as such real descriptors. They would have to modify the base descriptor language at that time to include the preimage operation iirc.
|
I don't see how we could build Bitcoin Core-style descriptors out of lightning anchor outputs given the requirements/format, I'm not sure how that's relevant. |
| /// [`ChannelSigner::provide_channel_parameters`]. | ||
| /// | ||
| /// [`ChannelSigner::provide_channel_parameters`]: crate::sign::ChannelSigner::provide_channel_parameters | ||
| pub transaction_parameters: ChannelTransactionParameters, |
There was a problem hiding this comment.
Why do these need to be exposed? Signers doing enforcement should have this cached, if not they shouldn't need it.
There was a problem hiding this comment.
Hm, that's a fair point, but from the current documentation users may expect the parameters to be provided shortly after derivation instead of storing them.
There was a problem hiding this comment.
Hmmm, then I'd rather update the docs (on the anchor handling structs and the trait) and mention this rather than storing the channel parameters in all our events and shuffling them around just to copy them into the signer and then ignore them...
There was a problem hiding this comment.
We still need them to obtain the per-commitment keys and re-derive the descriptor's witness script. Unless you'd rather just provide each party's ChannelPublicKeys directly, which ChannelTransactionParameters essentially is a small wrapper over, so it doesn't seem like a big deal to keep things as is.
There was a problem hiding this comment.
Ah, grrrrrrrrrrrrrrrr, man that's a lot of crap to schlep around for one pubkey. I guess I'm fine with it the way it is, just annoyed.
That's the thing, I had the discussion with sipa back in the days and there would be a need to upgrade the descriptor format/requirements. The idea is good given integration with hardware wallets and "cold" signers, though given if it does happen it will take a bunch of time, let's not take it as a bottleneck here. Already have a lot of more priority things on my todo on the LN-side (and I think same on folks on this PR thread), so I'll see if I can find a summer-of-bitcoin enthusiast to champion the idea. |
wpaulino
force-pushed
the
bump-transaction-event-handler-fixups
branch
from
e413165
to
f17c05a
Compare
|
Needs rebase. |
There's no reason to accept the general `Event` enum.
These are meant to be provided by the user, so they need to be exposed in the API.
wpaulino
force-pushed
the
bump-transaction-event-handler-fixups
branch
from
f17c05a
to
ceacdbf
Compare
| /// Returns the UTXO to be spent by the anchor input, which can be obtained via | ||
| /// [`Self::unsigned_tx_input`]. | ||
| pub fn previous_utxo(&self) -> TxOut { | ||
| TxOut { |
There was a problem hiding this comment.
Would very much like to see some test coverage of this so we can check that this and the HTLC variant's scripts are right.
There was a problem hiding this comment.
See #2403. Each transaction produced by the event handler should have a check_spends assertion to verify script execution.
This allows us to obtain the HTLC input and output from its descriptor without needing to derive the `per_commitment_point` through the signer.
Users may expect these to be provided manually after derivation in the event they need to perform any enforcement prior to signing.
This provides a similar interface as `HTLCDescriptor` for users which choose to implement their own bump transaction event handler.
This may be required by some wallets that rely on PSBTs internally to create/sign transactions.
wpaulino
force-pushed
the
bump-transaction-event-handler-fixups
branch
from
ceacdbf
to
4c7883c
Compare
This PR addresses some follow-up comments from #2089 and a few gaps in the API that were found by @tnull when adding anchors support in
ldk-node.