Merge pull request #3988 from TheBlueMatt/2025-08-durable-claims

Block RAA `ChannelMonitorUpdate`s on `PaymentClaimed` events

Author: wpaulino

lightning/src/events/mod.rs

@@ -233,6 +233,11 @@ impl_writeable_tlv_based_enum_legacy!(PaymentPurpose,
 /// Information about an HTLC that is part of a payment that can be claimed.
 #[derive(Clone, Debug, PartialEq, Eq)]
 pub struct ClaimedHTLC {
+	/// The counterparty of the channel.
+	///
+	/// This value will always be `None` for objects serialized with LDK versions prior to 0.2 and
+	/// `Some` otherwise.
+	pub counterparty_node_id: Option<PublicKey>,
 	/// The `channel_id` of the channel over which the HTLC was received.
 	pub channel_id: ChannelId,
 	/// The `user_channel_id` of the channel over which the HTLC was received. This is the value
@@ -263,6 +268,7 @@ impl_writeable_tlv_based!(ClaimedHTLC, {
 	(0, channel_id, required),
 	(1, counterparty_skimmed_fee_msat, (default_value, 0u64)),
 	(2, user_channel_id, required),
+	(3, counterparty_node_id, option),
 	(4, cltv_expiry, required),
 	(6, value_msat, required),
 });

lightning/src/ln/async_signer_tests.rs

@@ -1395,6 +1395,7 @@ fn test_no_disconnect_while_async_commitment_signed_expecting_remote_revoke_and_
 	let (preimage, payment_hash, ..) = route_payment(&nodes[0], &[&nodes[1]], payment_amount);
 	nodes[1].node.claim_funds(preimage);
 	check_added_monitors(&nodes[1], 1);
+	expect_payment_claimed!(nodes[1], payment_hash, payment_amount);
 
 	// We'll disable signing counterparty commitments on the payment sender.
 	nodes[0].disable_channel_signer_op(&node_b_id, &chan_id, SignerOp::SignCounterpartyCommitment);
@@ -1403,6 +1404,7 @@ fn test_no_disconnect_while_async_commitment_signed_expecting_remote_revoke_and_
 	// the `commitment_signed` is no longer pending.
 	let mut update = get_htlc_update_msgs!(&nodes[1], node_a_id);
 	nodes[0].node.handle_update_fulfill_htlc(node_b_id, update.update_fulfill_htlcs.remove(0));
+	expect_payment_sent(&nodes[0], preimage, None, false, false);
 	nodes[0].node.handle_commitment_signed_batch_test(node_b_id, &update.commitment_signed);
 	check_added_monitors(&nodes[0], 1);
 
@@ -1426,7 +1428,4 @@ fn test_no_disconnect_while_async_commitment_signed_expecting_remote_revoke_and_
 	};
 	assert!(nodes[0].node.get_and_clear_pending_msg_events().is_empty());
 	assert!(nodes[1].node.get_and_clear_pending_msg_events().into_iter().any(has_disconnect_event));
-
-	expect_payment_sent(&nodes[0], preimage, None, false, false);
-	expect_payment_claimed!(nodes[1], payment_hash, payment_amount);
 }

lightning/src/ln/chanmon_update_fail_tests.rs

@@ -4694,6 +4694,23 @@ fn test_single_channel_multiple_mpp() {
 	// `update_fulfill_htlc`/`commitment_signed` pair to pass to our counterparty.
 	do_a_write.send(()).unwrap();
 
+	let event_node: &'static TestChannelManager<'static, 'static> =
+		unsafe { std::mem::transmute(nodes[8].node as &TestChannelManager) };
+	let thrd_event = std::thread::spawn(move || {
+		let mut have_event = false;
+		while !have_event {
+			let mut events = event_node.get_and_clear_pending_events();
+			assert!(events.len() == 1 || events.len() == 0);
+			if events.len() == 1 {
+				if let Event::PaymentClaimed { .. } = events[0] {
+				} else {
+					panic!("Unexpected event {events:?}");
+				}
+				have_event = true;
+			}
+		}
+	});
+
 	// Then fetch the `update_fulfill_htlc`/`commitment_signed`. Note that the
 	// `get_and_clear_pending_msg_events` will immediately hang trying to take a peer lock which
 	// `claim_funds` is holding. Thus, we release a second write after a small sleep in the
@@ -4713,7 +4730,11 @@ fn test_single_channel_multiple_mpp() {
 	});
 	block_thrd2.store(false, Ordering::Release);
 	let mut first_updates = get_htlc_update_msgs(&nodes[8], &node_h_id);
+
+	// Thread 2 could unblock first, or it could get blocked waiting on us to process a
+	// `PaymentClaimed` event. Either way, wait until both have finished.
 	thrd2.join().unwrap();
+	thrd_event.join().unwrap();
 
 	// Disconnect node 6 from all its peers so it doesn't bother to fail the HTLCs back
 	nodes[7].node.peer_disconnected(node_b_id);
@@ -4760,8 +4781,6 @@ fn test_single_channel_multiple_mpp() {
 	thrd4.join().unwrap();
 	thrd.join().unwrap();
 
-	expect_payment_claimed!(nodes[8], payment_hash, 50_000_000);
-
 	// At the end, we should have 7 ChannelMonitorUpdates - 6 for HTLC claims, and one for the
 	// above `revoke_and_ack`.
 	check_added_monitors(&nodes[8], 7);

lightning/src/ln/channel.rs

@@ -6401,7 +6401,7 @@ where
 		Ok((closing_transaction, total_fee_satoshis))
 	}
 
-	fn funding_outpoint(&self) -> OutPoint {
+	pub fn funding_outpoint(&self) -> OutPoint {
 		self.funding.channel_transaction_parameters.funding_outpoint.unwrap()
 	}