Cover the saturating sub of the fee and anchors from funder's balance

tankyleo · tankyleo · commit ee8b846379a4 · 2025-03-17T23:23:38.000Z
The saturating subtractions used in
`ChannelContext::build_commitment_transaction` are there for a reason;
when the remote party updates the fees, we build the new commitment
transaction before checking whether the remote party has enough balance
to cover the new fee, so we cannot guarantee that the remote party's
balance will be greater than or equal to the sum of the fee and the
anchors.
diff --git a/lightning/src/ln/functional_tests.rs b/lightning/src/ln/functional_tests.rs
@@ -789,6 +789,90 @@ pub fn test_update_fee_that_funder_cannot_afford() {
 		[nodes[0].node.get_our_node_id()], channel_value);
 }
 
+#[xtest(feature = "_externalize_tests")]
+pub fn test_update_fee_that_saturates_subs() {
+	// Check that when a remote party sends us an `update_fee` message that results in a total fee
+	// on the commitment transaction that is greater than her balance, we saturate the subtractions,
+	// and force close the channel.
+
+	let mut default_config = test_default_channel_config();
+	let secp_ctx = Secp256k1::new();
+
+	let chanmon_cfgs = create_chanmon_cfgs(2);
+	let node_cfgs = create_node_cfgs(2, &chanmon_cfgs);
+	let node_chanmgrs = create_node_chanmgrs(2, &node_cfgs, &[Some(default_config), Some(default_config)]);
+	let mut nodes = create_network(2, &node_cfgs, &node_chanmgrs);
+
+	let chan_id = create_chan_between_nodes_with_value(&nodes[0], &nodes[1], 10_000, 8_500_000).3;
+
+	const FEERATE: u32 = 250 * 10; // 10sat/vb
+
+	// Assert that the new feerate will completely exhaust the balance of node 0, and saturate the
+	// subtraction of the total fee from node 0's balance.
+	let total_fee_sat = chan_utils::commit_tx_fee_sat(FEERATE, 0, &ChannelTypeFeatures::empty());
+	assert!(total_fee_sat > 1500);
+
+	const INITIAL_COMMITMENT_NUMBER: u64 = 281474976710654;
+
+	// We build a commitment transcation here only to pass node 1's check of node 0's signature
+	// in `commitment_signed`.
+
+	let remote_point = {
+		let per_peer_state = nodes[1].node.per_peer_state.read().unwrap();
+		let chan_lock = per_peer_state.get(&nodes[0].node.get_our_node_id()).unwrap().lock().unwrap();
+		let remote_chan = chan_lock.channel_by_id.get(&chan_id).and_then(Channel::as_funded).unwrap();
+		let chan_signer = remote_chan.get_signer();
+		chan_signer.as_ref().get_per_commitment_point(INITIAL_COMMITMENT_NUMBER, &secp_ctx).unwrap()
+	};
+
+	let res = {
+		let per_peer_state = nodes[0].node.per_peer_state.read().unwrap();
+		let local_chan_lock = per_peer_state.get(&nodes[1].node.get_our_node_id()).unwrap().lock().unwrap();
+		let local_chan = local_chan_lock.channel_by_id.get(&chan_id).and_then(Channel::as_funded).unwrap();
+		let local_chan_signer = local_chan.get_signer();
+		let mut htlcs: Vec<(HTLCOutputInCommitment, ())> = vec![];
+		let commitment_tx = CommitmentTransaction::new_with_auxiliary_htlc_data(
+			INITIAL_COMMITMENT_NUMBER,
+			&remote_point,
+			8500,
+			// Set a zero balance here: this is the transaction that node 1 will expect a signature for, as
+			// he will do a saturating subtraction of the total fees from node 0's balance.
+			0,
+			FEERATE,
+			&mut htlcs,
+			&local_chan.funding.channel_transaction_parameters.as_counterparty_broadcastable(),
+			&secp_ctx,
+		);
+		local_chan_signer.as_ecdsa().unwrap().sign_counterparty_commitment(
+			&local_chan.funding.channel_transaction_parameters, &commitment_tx, Vec::new(),
+			Vec::new(), &secp_ctx,
+		).unwrap()
+	};
+
+	let commit_signed_msg = msgs::CommitmentSigned {
+		channel_id: chan_id,
+		signature: res.0,
+		htlc_signatures: res.1,
+		batch: None,
+		#[cfg(taproot)]
+		partial_signature_with_nonce: None,
+	};
+
+	let update_fee = msgs::UpdateFee {
+		channel_id: chan_id,
+		feerate_per_kw: FEERATE,
+	};
+
+	nodes[1].node.handle_update_fee(nodes[0].node.get_our_node_id(), &update_fee);
+
+	nodes[1].node.handle_commitment_signed(nodes[0].node.get_our_node_id(), &commit_signed_msg);
+	nodes[1].logger.assert_log_contains("lightning::ln::channelmanager", "Funding remote cannot afford proposed new fee", 3);
+	check_added_monitors!(nodes[1], 1);
+	check_closed_broadcast!(nodes[1], true);
+	check_closed_event!(nodes[1], 1, ClosureReason::ProcessingError { err: String::from("Funding remote cannot afford proposed new fee") },
+		[nodes[0].node.get_our_node_id()], 10_000);
+}
+
 #[xtest(feature = "_externalize_tests")]
 pub fn test_update_fee_with_fundee_update_add_htlc() {
 	let chanmon_cfgs = create_chanmon_cfgs(2);
