Add min feerate checks

Author: dunxen

lightning/src/chain/chaininterface.rs

@@ -52,3 +52,5 @@ pub trait FeeEstimator {
 
 /// Minimum relay fee as required by bitcoin network mempool policy.
 pub const MIN_RELAY_FEE_SAT_PER_1000_WEIGHT: u64 = 4000;
+/// Minimum feerate that takes a sane approach to rounding
+pub const FEERATE_FLOOR_SATS_PER_KW: u32 = 253;

lightning/src/chain/package.rs

@@ -24,7 +24,7 @@ use ln::PaymentPreimage;
 use ln::chan_utils::{TxCreationKeys, HTLCOutputInCommitment};
 use ln::chan_utils;
 use ln::msgs::DecodeError;
-use chain::chaininterface::{FeeEstimator, ConfirmationTarget, MIN_RELAY_FEE_SAT_PER_1000_WEIGHT};
+use chain::chaininterface::{FeeEstimator, FEERATE_FLOOR_SATS_PER_KW, ConfirmationTarget, MIN_RELAY_FEE_SAT_PER_1000_WEIGHT};
 use chain::keysinterface::Sign;
 use chain::onchaintx::OnchainTxHandler;
 use util::byte_utils;
@@ -777,12 +777,15 @@ fn compute_fee_from_spent_amounts<F: Deref, L: Deref>(input_amounts: u64, predic
 	      L::Target: Logger,
 {
 	let mut updated_feerate = fee_estimator.get_est_sat_per_1000_weight(ConfirmationTarget::HighPriority) as u64;
+	assert!(updated_feerate >= FEERATE_FLOOR_SATS_PER_KW as u64);
 	let mut fee = updated_feerate * (predicted_weight as u64) / 1000;
 	if input_amounts <= fee {
 		updated_feerate = fee_estimator.get_est_sat_per_1000_weight(ConfirmationTarget::Normal) as u64;
+		assert!(updated_feerate >= FEERATE_FLOOR_SATS_PER_KW as u64);
 		fee = updated_feerate * (predicted_weight as u64) / 1000;
 		if input_amounts <= fee {
 			updated_feerate = fee_estimator.get_est_sat_per_1000_weight(ConfirmationTarget::Background) as u64;
+			assert!(updated_feerate >= FEERATE_FLOOR_SATS_PER_KW as u64);
 			fee = updated_feerate * (predicted_weight as u64) / 1000;
 			if input_amounts <= fee {
 				log_error!(logger, "Failed to generate an on-chain punishment tx as even low priority fee ({} sat) was more than the entire claim balance ({} sat)",

lightning/src/ln/channel.rs

@@ -31,7 +31,7 @@ use ln::channelmanager::{CounterpartyForwardingInfo, PendingHTLCStatus, HTLCSour
 use ln::chan_utils::{CounterpartyCommitmentSecrets, TxCreationKeys, HTLCOutputInCommitment, htlc_success_tx_weight, htlc_timeout_tx_weight, make_funding_redeemscript, ChannelPublicKeys, CommitmentTransaction, HolderCommitmentTransaction, ChannelTransactionParameters, CounterpartyChannelTransactionParameters, MAX_HTLCS, get_commitment_transaction_number_obscure_factor, ClosingTransaction};
 use ln::chan_utils;
 use chain::BestBlock;
-use chain::chaininterface::{FeeEstimator,ConfirmationTarget};
+use chain::chaininterface::{FeeEstimator, FEERATE_FLOOR_SATS_PER_KW, ConfirmationTarget};
 use chain::channelmonitor::{ChannelMonitor, ChannelMonitorUpdate, ChannelMonitorUpdateStep, LATENCY_GRACE_PERIOD_BLOCKS};
 use chain::transaction::{OutPoint, TransactionData};
 use chain::keysinterface::{Sign, KeysInterface};
@@ -908,6 +908,7 @@ impl<Signer: Sign> Channel<Signer> {
 		}
 
 		let feerate = fee_estimator.get_est_sat_per_1000_weight(ConfirmationTarget::Normal);
+		assert!(feerate >= FEERATE_FLOOR_SATS_PER_KW);
 
 		let value_to_self_msat = channel_value_satoshis * 1000 - push_msat;
 		let commitment_tx_fee = Self::commit_tx_fee_msat(feerate, MIN_AFFORDABLE_HTLC_COUNT, opt_anchors);
@@ -1053,10 +1054,12 @@ impl<Signer: Sign> Channel<Signer> {
 		// could result in the channel being useless due to everything being dust.
 		let upper_limit = cmp::max(250 * 25,
 			fee_estimator.get_est_sat_per_1000_weight(ConfirmationTarget::HighPriority) as u64 * 10);
+		assert!(upper_limit >= FEERATE_FLOOR_SATS_PER_KW as u64);
 		if feerate_per_kw as u64 > upper_limit {
 			return Err(ChannelError::Close(format!("Peer's feerate much too high. Actual: {}. Our expected upper limit: {}", feerate_per_kw, upper_limit)));
 		}
 		let lower_limit = fee_estimator.get_est_sat_per_1000_weight(ConfirmationTarget::Background);
+		assert!(lower_limit >= FEERATE_FLOOR_SATS_PER_KW);
 		// Some fee estimators round up to the next full sat/vbyte (ie 250 sats per kw), causing
 		// occasional issues with feerate disagreements between an initiator that wants a feerate
 		// of 1.1 sat/vbyte and a receiver that wants 1.1 rounded up to 2. Thus, we always add 250
@@ -3992,7 +3995,9 @@ impl<Signer: Sign> Channel<Signer> {
 		// force_close_avoidance_max_fee_satoshis.
 		// If we fail to come to consensus, we'll have to force-close.
 		let mut proposed_feerate = fee_estimator.get_est_sat_per_1000_weight(ConfirmationTarget::Background);
+		assert!(proposed_feerate >= FEERATE_FLOOR_SATS_PER_KW);
 		let normal_feerate = fee_estimator.get_est_sat_per_1000_weight(ConfirmationTarget::Normal);
+		assert!(normal_feerate >= FEERATE_FLOOR_SATS_PER_KW);
 		let mut proposed_max_feerate = if self.is_outbound() { normal_feerate } else { u32::max_value() };
 
 		// The spec requires that (when the channel does not have anchors) we only send absolute

lightning/src/ln/channelmanager.rs

@@ -36,7 +36,7 @@ use bitcoin::secp256k1;
 
 use chain;
 use chain::{Confirm, ChannelMonitorUpdateErr, Watch, BestBlock};
-use chain::chaininterface::{BroadcasterInterface, ConfirmationTarget, FeeEstimator};
+use chain::chaininterface::{BroadcasterInterface, ConfirmationTarget, FeeEstimator, FEERATE_FLOOR_SATS_PER_KW};
 use chain::channelmonitor::{ChannelMonitor, ChannelMonitorUpdate, ChannelMonitorUpdateStep, HTLC_FAIL_BACK_BUFFER, CLTV_CLAIM_BUFFER, LATENCY_GRACE_PERIOD_BLOCKS, ANTI_REORG_DELAY, MonitorEvent, CLOSED_CHANNEL_UPDATE_ID};
 use chain::transaction::{OutPoint, TransactionData};
 // Since this struct is returned in `list_channels` methods, expose it here in case users want to
@@ -3437,6 +3437,7 @@ impl<Signer: Sign, M: Deref, T: Deref, K: Deref, F: Deref, L: Deref> ChannelMana
 			let mut should_persist = NotifyOption::SkipPersist;
 
 			let new_feerate = self.fee_estimator.get_est_sat_per_1000_weight(ConfirmationTarget::Normal);
+			assert!(new_feerate >= FEERATE_FLOOR_SATS_PER_KW);
 
 			let mut handle_errors = Vec::new();
 			{
@@ -3474,6 +3475,7 @@ impl<Signer: Sign, M: Deref, T: Deref, K: Deref, F: Deref, L: Deref> ChannelMana
 			if self.process_background_events() { should_persist = NotifyOption::DoPersist; }
 
 			let new_feerate = self.fee_estimator.get_est_sat_per_1000_weight(ConfirmationTarget::Normal);
+			assert!(new_feerate >= FEERATE_FLOOR_SATS_PER_KW);
 
 			let mut handle_errors = Vec::new();
 			let mut timed_out_mpp_htlcs = Vec::new();