lightningdevkit
diff --git a/‎lightning/src/ln/channel.rs
+282-61 b/‎lightning/src/ln/channel.rs
+282-61
@@ -1857,6 +1857,32 @@ impl FundingScope {
 #[cfg(splicing)]
 struct PendingSplice {
 	pub our_funding_contribution: i64,
+	sent_funding_txid: Option<Txid>,
+	received_funding_txid: Option<Txid>,
+}
+
+/// Wrapper around a [`Transaction`] useful for caching the result of [`Transaction::compute_txid`].
+struct ConfirmedTransaction<'a> {
+	tx: &'a Transaction,
+	txid: Option<Txid>,
+}
+
+impl<'a> ConfirmedTransaction<'a> {
+	/// Returns the underlying [`Transaction`].
+	pub fn tx(&self) -> &'a Transaction {
+		self.tx
+	}
+
+	/// Returns the [`Txid`], computing and caching it if necessary.
+	pub fn txid(&mut self) -> Txid {
+		*self.txid.get_or_insert_with(|| self.tx.compute_txid())
+	}
+}
+
+impl<'a> From<&'a Transaction> for ConfirmedTransaction<'a> {
+	fn from(tx: &'a Transaction) -> Self {
+		ConfirmedTransaction { tx, txid: None }
+	}
 }
 
 /// Contains everything about the channel including state, and various flags.
@@ -4859,6 +4885,40 @@ impl<SP: Deref> ChannelContext<SP> where SP::Target: SignerProvider {
 		self.get_initial_counterparty_commitment_signature(funding, logger)
 	}
 
+	#[cfg(splicing)]
+	fn check_get_splice_locked<L: Deref>(
+		&mut self, pending_splice: &PendingSplice, funding: &mut FundingScope, height: u32,
+		logger: &L,
+	) -> Option<msgs::SpliceLocked>
+	where
+		L::Target: Logger,
+	{
+		if !self.check_funding_confirmations(funding, height) {
+			return None;
+		}
+
+		let confirmed_funding_txid = match funding.get_funding_txid() {
+			Some(funding_txid) => funding_txid,
+			None => {
+				debug_assert!(false);
+				return None;
+			},
+		};
+
+		match pending_splice.sent_funding_txid {
+			Some(sent_funding_txid) if confirmed_funding_txid == sent_funding_txid => {
+				debug_assert!(false);
+				None
+			},
+			_ => {
+				Some(msgs::SpliceLocked {
+					channel_id: self.channel_id(),
+					splice_txid: confirmed_funding_txid,
+				})
+			},
+		}
+	}
+
 	fn check_funding_confirmations(&self, funding: &mut FundingScope, height: u32) -> bool {
 		let is_coinbase = funding
 			.funding_transaction
@@ -4892,6 +4952,107 @@ impl<SP: Deref> ChannelContext<SP> where SP::Target: SignerProvider {
 
 		return true;
 	}
+
+	fn check_for_funding_tx_confirmed<L: Deref>(
+		&mut self, funding: &mut FundingScope, block_hash: &BlockHash, height: u32,
+		index_in_block: usize, tx: &mut ConfirmedTransaction, logger: &L,
+	) -> Result<bool, ClosureReason>
+	where
+		L::Target: Logger
+	{
+		let funding_txo = match funding.get_funding_txo() {
+			Some(funding_txo) => funding_txo,
+			None => {
+				debug_assert!(false);
+				return Ok(false);
+			},
+		};
+
+		let mut is_funding_tx_confirmed = false;
+
+		// Check if the transaction is the expected funding transaction, and if it is,
+		// check that it pays the right amount to the right script.
+		if funding.funding_tx_confirmation_height == 0 {
+			if tx.txid() == funding_txo.txid {
+				let tx = tx.tx();
+				let txo_idx = funding_txo.index as usize;
+				if txo_idx >= tx.output.len() || tx.output[txo_idx].script_pubkey != funding.get_funding_redeemscript().to_p2wsh() ||
+						tx.output[txo_idx].value.to_sat() != funding.get_value_satoshis() {
+					if funding.is_outbound() {
+						// If we generated the funding transaction and it doesn't match what it
+						// should, the client is really broken and we should just panic and
+						// tell them off. That said, because hash collisions happen with high
+						// probability in fuzzing mode, if we're fuzzing we just close the
+						// channel and move on.
+						#[cfg(not(fuzzing))]
+						panic!("Client called ChannelManager::funding_transaction_generated with bogus transaction!");
+					}
+					self.update_time_counter += 1;
+					let err_reason = "funding tx had wrong script/value or output index";
+					return Err(ClosureReason::ProcessingError { err: err_reason.to_owned() });
+				} else {
+					if funding.is_outbound() {
+						if !tx.is_coinbase() {
+							for input in tx.input.iter() {
+								if input.witness.is_empty() {
+									// We generated a malleable funding transaction, implying we've
+									// just exposed ourselves to funds loss to our counterparty.
+									#[cfg(not(fuzzing))]
+									panic!("Client called ChannelManager::funding_transaction_generated with bogus transaction!");
+								}
+							}
+						}
+					}
+
+					// The acceptor of v1-established channels doesn't have the funding
+					// transaction until it is seen on chain. Set it so that minimum_depth
+					// checks can tell if the coinbase transaction was used.
+					if funding.funding_transaction.is_none() {
+						funding.funding_transaction = Some(tx.clone());
+					}
+
+					funding.funding_tx_confirmation_height = height;
+					funding.funding_tx_confirmed_in = Some(*block_hash);
+					funding.short_channel_id = match scid_from_parts(height as u64, index_in_block as u64, txo_idx as u64) {
+						Ok(scid) => Some(scid),
+						Err(_) => panic!("Block was bogus - either height was > 16 million, had > 16 million transactions, or had > 65k outputs"),
+					};
+				}
+
+				is_funding_tx_confirmed = true;
+			}
+		}
+
+		Ok(is_funding_tx_confirmed)
+	}
+
+	fn check_for_funding_tx_spent<L: Deref>(
+		&mut self, funding: &FundingScope, tx: &Transaction, logger: &L,
+	) -> Result<(), ClosureReason>
+	where
+		L::Target: Logger
+	{
+		let funding_txo = match funding.get_funding_txo() {
+			Some(funding_txo) => funding_txo,
+			None => {
+				debug_assert!(false);
+				return Ok(());
+			},
+		};
+
+		for input in tx.input.iter() {
+			if input.previous_output == funding_txo.into_bitcoin_outpoint() {
+				log_info!(
+					logger, "Detected channel-closing tx {} spending {}:{}, closing channel {}",
+					tx.compute_txid(), input.previous_output.txid, input.previous_output.vout,
+					&self.channel_id(),
+				);
+				return Err(ClosureReason::CommitmentTxConfirmed);
+			}
+		}
+
+		Ok(())
+	}
 }
 
 // Internal utility functions for channels
@@ -5072,6 +5233,16 @@ pub(super) struct FundedChannel<SP: Deref> where SP::Target: SignerProvider {
 	pending_splice: Option<PendingSplice>,
 }
 
+#[cfg(splicing)]
+macro_rules! promote_splice_funding {
+	($self: expr, $funding: expr) => {
+		core::mem::swap(&mut $self.funding, $funding);
+		$self.pending_splice = None;
+		$self.pending_funding.clear();
+		$self.context.announcement_sigs_state = AnnouncementSigsState::NotSent;
+	}
+}
+
 #[cfg(any(test, fuzzing))]
 struct CommitmentTxInfoCached {
 	fee: u64,
@@ -8202,75 +8373,80 @@ impl<SP: Deref> FundedChannel<SP> where
 		NS::Target: NodeSigner,
 		L::Target: Logger
 	{
-		let mut msgs = (None, None);
-		if let Some(funding_txo) = self.funding.get_funding_txo() {
-			for &(index_in_block, tx) in txdata.iter() {
-				// Check if the transaction is the expected funding transaction, and if it is,
-				// check that it pays the right amount to the right script.
-				if self.funding.funding_tx_confirmation_height == 0 {
-					if tx.compute_txid() == funding_txo.txid {
-						let txo_idx = funding_txo.index as usize;
-						if txo_idx >= tx.output.len() || tx.output[txo_idx].script_pubkey != self.funding.get_funding_redeemscript().to_p2wsh() ||
-								tx.output[txo_idx].value.to_sat() != self.funding.get_value_satoshis() {
-							if self.funding.is_outbound() {
-								// If we generated the funding transaction and it doesn't match what it
-								// should, the client is really broken and we should just panic and
-								// tell them off. That said, because hash collisions happen with high
-								// probability in fuzzing mode, if we're fuzzing we just close the
-								// channel and move on.
-								#[cfg(not(fuzzing))]
-								panic!("Client called ChannelManager::funding_transaction_generated with bogus transaction!");
-							}
-							self.context.update_time_counter += 1;
-							let err_reason = "funding tx had wrong script/value or output index";
-							return Err(ClosureReason::ProcessingError { err: err_reason.to_owned() });
-						} else {
-							if self.funding.is_outbound() {
-								if !tx.is_coinbase() {
-									for input in tx.input.iter() {
-										if input.witness.is_empty() {
-											// We generated a malleable funding transaction, implying we've
-											// just exposed ourselves to funds loss to our counterparty.
-											#[cfg(not(fuzzing))]
-											panic!("Client called ChannelManager::funding_transaction_generated with bogus transaction!");
-										}
-									}
-								}
-							}
+		for &(index_in_block, tx) in txdata.iter() {
+			let mut confirmed_tx = ConfirmedTransaction::from(tx);
+
+			// If we allow 1-conf funding, we may need to check for channel_ready or splice_locked here
+			// and send it immediately instead of waiting for a best_block_updated call (which may have
+			// already happened for this block).
+			let is_funding_tx_confirmed = self.context.check_for_funding_tx_confirmed(
+				&mut self.funding, block_hash, height, index_in_block, &mut confirmed_tx, logger,
+			)?;
 
-							// The acceptor of v1-established channels doesn't have the funding
-							// transaction until it is seen on chain. Set it so that minimum_depth
-							// checks can tell if the coinbase transaction was used.
-							if self.funding.funding_transaction.is_none() {
-								self.funding.funding_transaction = Some(tx.clone());
-							}
+			if is_funding_tx_confirmed {
+				for &(_, tx) in txdata.iter() {
+					self.context.check_for_funding_tx_spent(&self.funding, tx, logger)?;
+				}
 
-							self.funding.funding_tx_confirmation_height = height;
-							self.funding.funding_tx_confirmed_in = Some(*block_hash);
-							self.funding.short_channel_id = match scid_from_parts(height as u64, index_in_block as u64, txo_idx as u64) {
-								Ok(scid) => Some(scid),
-								Err(_) => panic!("Block was bogus - either height was > 16 million, had > 16 million transactions, or had > 65k outputs"),
-							}
-						}
-					}
-					// If we allow 1-conf funding, we may need to check for channel_ready here and
-					// send it immediately instead of waiting for a best_block_updated call (which
-					// may have already happened for this block).
-					if let Some(channel_ready) = self.check_get_channel_ready(height, logger) {
-						log_info!(logger, "Sending a channel_ready to our peer for channel {}", &self.context.channel_id);
-						let announcement_sigs = self.get_announcement_sigs(node_signer, chain_hash, user_config, height, logger);
-						msgs = (Some(FundingConfirmedMessage::Establishment(channel_ready)), announcement_sigs);
+				if let Some(channel_ready) = self.check_get_channel_ready(height, logger) {
+					log_info!(logger, "Sending a channel_ready to our peer for channel {}", &self.context.channel_id);
+					let announcement_sigs = self.get_announcement_sigs(node_signer, chain_hash, user_config, height, logger);
+					return Ok((Some(FundingConfirmedMessage::Establishment(channel_ready)), announcement_sigs));
+				}
+			}
+
+			#[cfg(splicing)]
+			let mut confirmed_funding = None;
+			#[cfg(splicing)]
+			for funding in self.pending_funding.iter_mut() {
+				if self.context.check_for_funding_tx_confirmed(
+					funding, block_hash, height, index_in_block, &mut confirmed_tx, logger,
+				)? {
+					if confirmed_funding.is_some() {
+						let err_reason = "splice tx of another pending funding already confirmed";
+						return Err(ClosureReason::ProcessingError { err: err_reason.to_owned() });
 					}
+
+					confirmed_funding = Some(funding);
+				}
+			}
+
+			#[cfg(splicing)]
+			if let Some(funding) = confirmed_funding {
+				let pending_splice = match self.pending_splice.as_mut() {
+					Some(pending_splice) => pending_splice,
+					None => {
+						// TODO: Move pending_funding into pending_splice?
+						debug_assert!(false);
+						// TODO: Error instead?
+						return Ok((None, None));
+					},
+				};
+
+				for &(_, tx) in txdata.iter() {
+					self.context.check_for_funding_tx_spent(funding, tx, logger)?;
 				}
-				for inp in tx.input.iter() {
-					if inp.previous_output == funding_txo.into_bitcoin_outpoint() {
-						log_info!(logger, "Detected channel-closing tx {} spending {}:{}, closing channel {}", tx.compute_txid(), inp.previous_output.txid, inp.previous_output.vout, &self.context.channel_id());
-						return Err(ClosureReason::CommitmentTxConfirmed);
+
+				if let Some(splice_locked) = self.context.check_get_splice_locked(pending_splice, funding, height, logger) {
+					log_info!(logger, "Sending a splice_locked to our peer for channel {}", &self.context.channel_id);
+
+					pending_splice.sent_funding_txid = Some(splice_locked.splice_txid);
+					if pending_splice.sent_funding_txid == pending_splice.received_funding_txid {
+						promote_splice_funding!(self, funding);
+
+						let announcement_sigs = self.get_announcement_sigs(node_signer, chain_hash, user_config, height, logger);
+						return Ok((Some(FundingConfirmedMessage::Splice(splice_locked)), announcement_sigs));
 					}
+
+					return Ok((Some(FundingConfirmedMessage::Splice(splice_locked)), None));
 				}
 			}
+
+			self.context.check_for_funding_tx_spent(&self.funding, tx, logger)?;
+
 		}
-		Ok(msgs)
+
+		Ok((None, None))
 	}
 
 	/// When a new block is connected, we check the height of the block against outbound holding
@@ -8363,6 +8539,49 @@ impl<SP: Deref> FundedChannel<SP> where
 			return Err(ClosureReason::FundingTimedOut);
 		}
 
+		#[cfg(splicing)]
+		let mut confirmed_funding = None;
+		#[cfg(splicing)]
+		for funding in self.pending_funding.iter_mut() {
+			if confirmed_funding.is_some() {
+				let err_reason = "splice tx of another pending funding already confirmed";
+				return Err(ClosureReason::ProcessingError { err: err_reason.to_owned() });
+			}
+
+			confirmed_funding = Some(funding);
+		}
+
+		#[cfg(splicing)]
+		if let Some(funding) = confirmed_funding {
+			let pending_splice = match self.pending_splice.as_mut() {
+				Some(pending_splice) => pending_splice,
+				None => {
+					// TODO: Move pending_funding into pending_splice?
+					debug_assert!(false);
+					// TODO: Error instead?
+					return Ok((None, timed_out_htlcs, None));
+				},
+			};
+
+			if let Some(splice_locked) = self.context.check_get_splice_locked(pending_splice, funding, height, logger) {
+				log_info!(logger, "Sending a splice_locked to our peer for channel {}", &self.context.channel_id);
+
+				pending_splice.sent_funding_txid = Some(splice_locked.splice_txid);
+				if pending_splice.sent_funding_txid == pending_splice.received_funding_txid {
+					promote_splice_funding!(self, funding);
+
+					let mut announcement_sigs = None;
+					if let Some((chain_hash, node_signer, user_config)) = chain_node_signer {
+						announcement_sigs = self.get_announcement_sigs(node_signer, chain_hash, user_config, height, logger);
+					}
+
+					return Ok((Some(FundingConfirmedMessage::Splice(splice_locked)), timed_out_htlcs, announcement_sigs));
+				}
+
+				return Ok((Some(FundingConfirmedMessage::Splice(splice_locked)), timed_out_htlcs, None));
+			}
+		}
+
 		let announcement_sigs = if let Some((chain_hash, node_signer, user_config)) = chain_node_signer {
 			self.get_announcement_sigs(node_signer, chain_hash, user_config, height, logger)
 		} else { None };
@@ -8694,6 +8913,8 @@ impl<SP: Deref> FundedChannel<SP> where
 
 		self.pending_splice = Some(PendingSplice {
 			our_funding_contribution: our_funding_contribution_satoshis,
+			sent_funding_txid: None,
+			received_funding_txid: None,
 		});
 
 		let msg = self.get_splice_init(our_funding_contribution_satoshis, funding_feerate_per_kw, locktime);