Error if the calculated reserve would be greater than the channel value #4580
tankyleo wants to merge 2 commits into lightningdevkit:main from
👋 Thanks for assigning @TheBlueMatt as a reviewer!
7d64174 to 06a604d
06a604d to 9669465
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #4580 +/- ##
==========================================
- Coverage 86.18% 86.11% -0.07%
==========================================
Files 156 157 +1
Lines 108528 108871 +343
Branches 108528 108871 +343
==========================================
+ Hits 93532 93752 +220
- Misses 12386 12504 +118
- Partials 2610 2615 +5
| == 0, | ||
| ); | ||
| ) | ||
| .map_err(|()| format!("The post-splice channel value {post_channel_value_sat} is smaller than our dust limit {MIN_CHAN_DUST_LIMIT_SATOSHIS}"))?; |
Bug: The error message references MIN_CHAN_DUST_LIMIT_SATOSHIS but the actual dust limit passed to get_v2_channel_reserve_satoshis on line 2822 is context.holder_dust_limit_satoshis. These can differ (e.g. in anchor channels with higher dust limits, or as demonstrated by the new test which sets holder_dust_limit_satoshis = 10_000). The error message will report an incorrect (lower) value when the holder's dust limit exceeds the minimum.
| .map_err(|()| format!("The post-splice channel value {post_channel_value_sat} is smaller than our dust limit {MIN_CHAN_DUST_LIMIT_SATOSHIS}"))?; | |
| .map_err(|()| format!("The post-splice channel value {post_channel_value_sat} is smaller than our dust limit {}", context.holder_dust_limit_satoshis))?; |
|
I've completed a thorough review of every file and hunk in this PR. The changes are well-structured — the reserve functions now properly reject cases where the channel value is below the dust limit or minimum reserve, the No new issues found. Prior review status: My previous inline comment at Verification notes:
|
| next_splice_out_maximum_sat = | ||
| (local_balance_before_fee_msat / 1000).saturating_sub(min_balance_sat); | ||
| } | ||
| // We only bother to check the local commitment here, the counterparty will check its own commitment. |
Is the thinking here that because the counterparty set a reserve we assume (I guess probably check somewhere) that reserve is high enough to allow for an output? Not entirely sure it's worth changing this to make that assumption.
Thanks I dropped this diff hunk, see below
In 0FC channels, capping the reserve to the total value of the channel allowed a splice initiator to withdraw past their reserve in case the acceptor had no balance in the channel. This is because the post-splice value of the channel was equal to the initiator's post splice balance. Hence, this post splice balance always matched the reserve, even though the reserve was below the dust limit. The only thing that prevented the initiator from withdrawing all their balance was the script dust limit check in `interactivetxs::NegotiationContext::receive_tx_add_output`.

In case the splice acceptor had any balance in the channel, or there were HTLCs in the channel, or the channel was not 0FC, the splice initiator's post-splice balance was always below the full channel value. Hence when the reserve was capped at the channel value, the post-splice balance was always below the reserve, and the splice was rejected.

Also, in `validate_splice_contributions`, to determine the `counterparty_selected_channel_reserve`, we now read the holder's dust limit from the context, instead of the current global constant.
We made the same change to the calculation of the v2 reserve in the previous commit.
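The capping behaviour described in the commit message above, as an added example that is not part of this PR or of LDK's code. It is a simplified model: the function names, the 1% rule and the 354 sat dust limit are assumptions made for illustration, and fees and HTLCs are left out.

```rust
// Simplified model (added example, not LDK code).
// Assumption: reserve = max(1% of channel value, dust limit).

/// Pre-fix behaviour: the reserve is silently capped at the channel value.
fn reserve_capped(channel_value_sat: u64, dust_limit_sat: u64) -> u64 {
    let one_percent = channel_value_sat / 100;
    one_percent.max(dust_limit_sat).min(channel_value_sat)
}

/// Post-fix behaviour: a reserve larger than the channel value is an error.
fn reserve_checked(channel_value_sat: u64, dust_limit_sat: u64) -> Result<u64, ()> {
    let reserve = (channel_value_sat / 100).max(dust_limit_sat);
    if reserve > channel_value_sat {
        Err(())
    } else {
        Ok(reserve)
    }
}

/// Reserve check on the initiator's post-splice balance, pre-fix.
fn splice_ok_capped(initiator_sat: u64, acceptor_sat: u64, dust_sat: u64) -> bool {
    initiator_sat >= reserve_capped(initiator_sat + acceptor_sat, dust_sat)
}

/// Same check, post-fix: an unsatisfiable reserve fails before any comparison.
fn splice_ok_checked(initiator_sat: u64, acceptor_sat: u64, dust_sat: u64) -> Result<bool, ()> {
    let reserve = reserve_checked(initiator_sat + acceptor_sat, dust_sat)?;
    Ok(initiator_sat >= reserve)
}

fn main() {
    let dust = 354; // constructed dust limit
    // 0FC, acceptor has no balance, no HTLCs: balance == channel value == 300,
    // so the capped reserve (300) is always met even though it is below dust.
    println!("capped, acceptor=0:   {}", splice_ok_capped(300, 0, dust));
    // Acceptor holds 100 sat: balance 200 < capped reserve 300, splice rejected.
    println!("capped, acceptor=100: {}", splice_ok_capped(200, 100, dust));
    // Post-fix: a 300 sat channel cannot hold a 354 sat reserve, so it errors.
    println!("checked, acceptor=0:  {:?}", splice_ok_checked(300, 0, dust));
    // A channel large enough for its reserve is unaffected.
    println!("checked, 50k channel: {:?}", splice_ok_checked(50_000, 0, dust));
}
```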
9669465 to 53e156a
|
Dropped the move of the diff --git a/lightning/src/ln/channel.rs b/lightning/src/ln/channel.rs
index e59855d28..137bdd28f 100644
--- a/lightning/src/ln/channel.rs
+++ b/lightning/src/ln/channel.rs
@@ -2825,14 +2825,25 @@
.expect("counterparty reserve is set")
== 0,
)
- .map_err(|()| format!("The post-splice channel value {post_channel_value_sat} is smaller than our dust limit {MIN_CHAN_DUST_LIMIT_SATOSHIS}"))?;
- let their_dust_limit_satoshis = context.counterparty_dust_limit_satoshis;
+ .map_err(|()| {
+ format!(
+ "The post-splice channel value {post_channel_value_sat} is smaller \
+ than our dust limit {}",
+ context.holder_dust_limit_satoshis
+ )
+ })?;
let holder_selected_channel_reserve_satoshis = get_v2_channel_reserve_satoshis(
post_channel_value_sat,
- their_dust_limit_satoshis,
+ context.counterparty_dust_limit_satoshis,
prev_funding.holder_selected_channel_reserve_satoshis == 0,
)
- .map_err(|()| format!("The post-splice channel value {post_channel_value_sat} is smaller than their dust limit {their_dust_limit_satoshis}"))?;
+ .map_err(|()| {
+ format!(
+ "The post-splice channel value {post_channel_value_sat} is smaller \
+ than their dust limit {}",
+ context.counterparty_dust_limit_satoshis,
+ )
+ })?;
Ok(Self {
channel_transaction_parameters: post_channel_transaction_parameters, |
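Review bot: The rewritten `holder_selected_channel_reserve_satoshis` call drops the `their_dust_limit_satoshis` local and now names `context.counterparty_dust_limit_satoshis` twice, once as the argument and once in the `map_err` message, so nothing ties the limit that is reported to the limit that is checked. The first `map_err` in this hunk replaces a message that printed `MIN_CHAN_DUST_LIMIT_SATOSHIS`, which is exactly the kind of drift a single binding prevents; consider binding each dust limit to a local once and using it for both the call and the message. Separately, both closures discard the `()` error and always attribute the failure to the dust limit; if `get_v2_channel_reserve_satoshis` can return `Err(())` for any other reason, the message will mislead, and a typed error would let the caller report the actual cause. Minor style point: the second `format!` has a trailing comma after its last argument and the first does not.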