Verify the holder provided valid witnesses and uses SIGHASH_ALL

LDK checks the following:
 * Each input spends an output that is one of P2WPKH, P2WSH, or P2TR.
   These were already checked by LDK when the inputs to be contributed
   were provided.
 * All signatures use the `SIGHASH_ALL` sighash type.
 * P2WPKH and P2TR key path spends are valid (verifies signatures)

NOTE:
 * When checking P2WSH spends, LDK tries to decode 70-72 byte witness
   elements as ECDSA signatures with a sighash flag. If the internal
   DER-decoding fails, then LDK just assumes it wasn't a signature and
   carries with checks. If the element can be decoded as an ECDSA
   signature, the the sighash flag must be `SIGHASH_ALL`.
 * When checking P2TR script-path spends, LDK assumes all elements of
   exactly 65 bytes with the last byte matching any valid sighash flag
   byte are schnorr signatures and checks that the sighash type is
   `SIGHASH_ALL`. If the last byte is not any valid sighash flag, the
   element is assumed not to be a signature and is ignored. Elements of
   64 bytes are not checked because if they were schnorr signatures then
   they would implicitly be `SIGHASH_DEFAULT` which is an alias of
   `SIGHASH_ALL`.

Author: dunxen

lightning/src/ln/channel.rs

@@ -7603,11 +7603,12 @@ where
 		}
 	}
 
-	fn verify_interactive_tx_signatures(&mut self, _witnesses: &Vec<Witness>) {
-		if let Some(ref mut _signing_session) = self.interactive_tx_signing_session {
-			// Check that sighash_all was used:
-			// TODO(dual_funding): Check sig for sighash
-		}
+	#[cfg(splicing)]
+	fn is_splicing(&self) -> bool {
+		self.pending_splice
+			.as_ref()
+			.and_then(|pending_splice| Some(pending_splice.funding.is_some()))
+			.unwrap_or(false)
 	}
 
 	pub fn funding_transaction_signed<L: Deref>(
@@ -7616,14 +7617,21 @@ where
 	where
 		L::Target: Logger,
 	{
-		self.verify_interactive_tx_signatures(&witnesses);
 		if let Some(ref mut signing_session) = self.interactive_tx_signing_session {
+			signing_session.verify_interactive_tx_signatures(&self.context.secp_ctx, &witnesses)?;
 			let logger = WithChannelContext::from(logger, &self.context, None);
 			if let Some(holder_tx_signatures) = signing_session
 				.provide_holder_witnesses(self.context.channel_id, witnesses)
 				.map_err(|err| APIError::APIMisuseError { err })?
 			{
-				if self.is_awaiting_initial_mon_persist() {
+				#[cfg(splicing)]
+				let is_monitor_update_in_progress = self.is_awaiting_initial_mon_persist()
+					|| self.is_splicing()
+						&& self.context.channel_state.is_monitor_update_in_progress();
+				#[cfg(not(splicing))]
+				let is_monitor_update_in_progress = self.is_awaiting_initial_mon_persist();
+
+				if is_monitor_update_in_progress {
 					log_debug!(
 						logger,
 						"Not sending tx_signatures: a monitor update is in progress."

lightning/src/ln/channelmanager.rs

@@ -5899,19 +5899,32 @@ where
 	/// counterparty's signature(s) the funding transaction will automatically be broadcast via the
 	/// [`BroadcasterInterface`] provided when this `ChannelManager` was constructed.
 	///
-	/// `SIGHASH_ALL` MUST be used for all signatures when providing signatures.
-	///
-	/// <div class="warning">
-	/// WARNING: LDK makes no attempt to prevent the counterparty from using non-standard inputs which
-	///  will prevent the funding transaction from being relayed on the bitcoin network and hence being
-	///  confirmed.
-	/// </div>
+	/// `SIGHASH_ALL` MUST be used for all signatures when providing signatures, otherwise your
+	/// funds can be held hostage!
+	///
+	/// LDK checks the following:
+	///  * Each input spends an output that is one of P2WPKH, P2WSH, or P2TR.
+	///    These were already checked by LDK when the inputs to be contributed were provided.
+	///  * All signatures use the `SIGHASH_ALL` sighash type.
+	///  * P2WPKH and P2TR key path spends are valid (verifies signatures)
+	///
+	/// NOTE:
+	///  * When checking P2WSH spends, LDK tries to decode 70-72 byte witness elements as ECDSA
+	///    signatures with a sighash flag. If the internal DER-decoding fails, then LDK just
+	///    assumes it wasn't a signature and carries with checks. If the element can be decoded
+	///    as an ECDSA signature, the the sighash flag must be `SIGHASH_ALL`.
+	///  * When checking P2TR script-path spends, LDK assumes all elements of exactly 65 bytes
+	///    with the last byte matching any valid sighash flag byte are schnorr signatures and checks
+	///    that the sighash type is `SIGHASH_ALL`. If the last byte is not any valid sighash flag, the
+	///    element is assumed not to be a signature and is ignored. Elements of 64 bytes are not
+	///    checked because if they were schnorr signatures then they would implicitly be `SIGHASH_DEFAULT`
+	///    which is an alias of `SIGHASH_ALL`.
 	///
 	/// Returns [`ChannelUnavailable`] when a channel is not found or an incorrect
 	/// `counterparty_node_id` is provided.
 	///
 	/// Returns [`APIMisuseError`] when a channel is not in a state where it is expecting funding
-	/// signatures.
+	/// signatures or if any of the checks described above fail.
 	///
 	/// [`ChannelUnavailable`]: APIError::ChannelUnavailable
 	/// [`APIMisuseError`]: APIError::APIMisuseError