From a9def6d8980f670487b4d3afd3f651eb7741de01 Mon Sep 17 00:00:00 2001
From: Antoine Riard
Date: Tue, 7 Apr 2020 21:27:56 -0400
Subject: [PATCH 1/2] Bound value of max_dust_limit_satoshis to 10*bitcoin network dust A too-high dust_limit_satoshis announced by remote party for their commitment transaction may be exploited.
---
 lightning/src/util/config.rs | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/lightning/src/util/config.rs b/lightning/src/util/config.rs
index c76747cbbf8..7d424843c41 100644
--- a/lightning/src/util/config.rs
+++ b/lightning/src/util/config.rs
@@ -120,11 +120,10 @@ pub struct ChannelHandshakeLimits {
 ///
 /// Default value: 546, the current dust limit on the Bitcoin network.
 pub min_dust_limit_satoshis: u64,
- /// Maximum allowed threshold above which outputs will not be generated in their commitment
- /// transactions.
- /// HTLCs below this amount plus HTLC transaction fees are not enforceable on-chain.
+ /// Maximum allowed value for considering an output as dust on their commitment+HTLC
+ /// transactions, above which channel opening is rejected.
 ///
- /// Default value: u64::max_value.
+ /// Default value: 10*546
 pub max_dust_limit_satoshis: u64,
 /// Before a channel is usable the funding transaction will need to be confirmed by at least a
 /// certain number of blocks, specified by the node which is not the funder (as the funder can
@@ -158,7 +157,7 @@ impl Default for ChannelHandshakeLimits {
 max_channel_reserve_satoshis: ::max_value(),
 min_max_accepted_htlcs: 0,
 min_dust_limit_satoshis: 546,
- max_dust_limit_satoshis: ::max_value(),
+ max_dust_limit_satoshis: 10*546,
 max_minimum_depth: 144,
 force_announced_channel_preference: true,
 their_to_self_delay: MAX_LOCAL_BREAKDOWN_TIMEOUT,
From 31a9ee9453623df2ebb3bcb5581d2cce09409d93 Mon Sep 17 00:00:00 2001
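Review bot: The rewritten doc comment on `max_dust_limit_satoshis` drops the only sentence that explained the risk, and the commit message's "may be exploited" is not spelled out anywhere in the code. Keeping the removed line `/// HTLCs below this amount plus HTLC transaction fees are not enforceable on-chain.` after the new summary would tell users what they give up by raising the limit. `/// Default value: 10*546` would also read more clearly as `/// Default value: 5460 (10 times the default min_dust_limit_satoshis).` The struct definition starts and ends outside the hunk.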
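Review bot: `10*546` in the `Default` impl repeats the literal 546 already used for `min_dust_limit_satoshis` two lines above, so the two defaults and the doc comment can drift apart if the network dust value is ever revised. Deriving both from one named constant would tie them together, for example `max_dust_limit_satoshis: 10 * NETWORK_DUST_LIMIT_SATOSHIS,` (a proposed name, not one visible in this patch). The change also tightens the limit for every caller that relies on `ChannelHandshakeLimits::default()`, so peers announcing a dust limit above 5460 satoshis will start being refused at channel open; an upgrade note for integrators seems warranted. The `default()` body begins and ends outside the hunk.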
From: Antoine Riard
Date: Tue, 7 Apr 2020 21:51:50 -0400
Subject: [PATCH 2/2] Add bolt2_open_channel_sane_dust_limit
---
 lightning/src/ln/functional_tests.rs | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
diff --git a/lightning/src/ln/functional_tests.rs b/lightning/src/ln/functional_tests.rs
index e6b9939efd9..dfc7e133f7d 100644
--- a/lightning/src/ln/functional_tests.rs
+++ b/lightning/src/ln/functional_tests.rs
@@ -5743,6 +5743,31 @@ fn bolt2_open_channel_sending_node_checks_part2() {
 assert!(PublicKey::from_slice(&node0_to_1_send_open_channel.delayed_payment_basepoint.serialize()).is_ok());
 }
+#[test]
+fn bolt2_open_channel_sane_dust_limit() {
+ let chanmon_cfgs = create_chanmon_cfgs(2);
+ let node_cfgs = create_node_cfgs(2, &chanmon_cfgs);
+ let node_chanmgrs = create_node_chanmgrs(2, &node_cfgs, &[None, None]);
+ let nodes = create_network(2, &node_cfgs, &node_chanmgrs);
+
+ let channel_value_satoshis=1000000;
+ let push_msat=10001;
+ nodes[0].node.create_channel(nodes[1].node.get_our_node_id(), channel_value_satoshis, push_msat, 42, None).unwrap();
+ let mut node0_to_1_send_open_channel = get_event_msg!(nodes[0], MessageSendEvent::SendOpenChannel, nodes[1].node.get_our_node_id());
+ node0_to_1_send_open_channel.dust_limit_satoshis = 100000;
+ node0_to_1_send_open_channel.channel_reserve_satoshis = 100001;
+
+ nodes[1].node.handle_open_channel(&nodes[0].node.get_our_node_id(), InitFeatures::supported(), &node0_to_1_send_open_channel);
+ let events = nodes[1].node.get_and_clear_pending_msg_events();
+ let err_msg = match events[0] {
+ MessageSendEvent::HandleError { action: ErrorAction::SendErrorMessage { ref msg }, node_id: _ } => {
+ msg.clone()
+ },
+ _ => panic!("Unexpected event"),
+ };
+ assert_eq!(err_msg.data, "dust limit satoshis is greater than the user specified limit");
+}
+
 // BOLT 2 Requirements for the Sender when constructing and sending an update_add_htlc message.
 // BOLT 2 Requirement: MUST NOT offer amount_msat it cannot pay for in the remote commitment transaction at the current feerate_per_kw (see "Updating Fees") while maintaining its channel reserve.
 //TODO: I don't believe this is explicitly enforced when sending an HTLC but as the Fee aspect of the BOLT specs is in flux leaving this as a TODO.
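Review bot: The new test only exercises a `dust_limit_satoshis` of 100000, far above the new 10*546 default, so an off-by-one in the comparison against `max_dust_limit_satoshis` would go unnoticed. Going by the "greater than" wording of the asserted error, a case at exactly 10*546 should be accepted and one at 10*546 + 1 rejected; adding both would pin the bound. The test also reads `events[0]` without checking how many messages were queued, so `assert_eq!(events.len(), 1);` before the `match` would stop a stray extra event from passing silently. The bump of `channel_reserve_satoshis` to 100001 looks like it is there to get past an earlier reserve-versus-dust check (not visible in this hunk), which deserves a comment such as `// keep the reserve above the dust limit so only the max-dust check can fire`.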