lightningdevkit · TheBlueMatt · Apr 16, 2025 · Mar 28, 2025
diff --git a/lightning/src/chain/channelmonitor.rs b/lightning/src/chain/channelmonitor.rs
@@ -3588,15 +3588,15 @@ impl<Signer: EcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 					to_broadcaster_value,
 					to_countersignatory_value,
 				)| {
-					let htlc_outputs = vec![];
+					let nondust_htlcs = vec![];
 
 					let commitment_tx = self.build_counterparty_commitment_tx(
 						INITIAL_COMMITMENT_NUMBER,
 						&their_per_commitment_point,
 						to_broadcaster_value,
 						to_countersignatory_value,
 						feerate_per_kw,
-						htlc_outputs,
+						nondust_htlcs,
 					);
 					// Take the opportunity to populate this recently introduced field
 					self.initial_counterparty_commitment_tx = Some(commitment_tx.clone());
@@ -3609,11 +3609,11 @@ impl<Signer: EcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 	fn build_counterparty_commitment_tx(
 		&self, commitment_number: u64, their_per_commitment_point: &PublicKey,
 		to_broadcaster_value: u64, to_countersignatory_value: u64, feerate_per_kw: u32,
-		mut nondust_htlcs: Vec<(HTLCOutputInCommitment, Option<Box<HTLCSource>>)>
+		nondust_htlcs: Vec<HTLCOutputInCommitment>
 	) -> CommitmentTransaction {
 		let channel_parameters = &self.funding.channel_parameters.as_counterparty_broadcastable();
-		CommitmentTransaction::new_with_auxiliary_htlc_data(commitment_number, their_per_commitment_point,
-			to_broadcaster_value, to_countersignatory_value, feerate_per_kw, &mut nondust_htlcs, channel_parameters, &self.onchain_tx_handler.secp_ctx)
+		CommitmentTransaction::new(commitment_number, their_per_commitment_point,
+			to_broadcaster_value, to_countersignatory_value, feerate_per_kw, nondust_htlcs, channel_parameters, &self.onchain_tx_handler.secp_ctx)
 	}
 
 	fn counterparty_commitment_txs_from_update(&self, update: &ChannelMonitorUpdate) -> Vec<CommitmentTransaction> {
@@ -3629,7 +3629,7 @@ impl<Signer: EcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 					to_countersignatory_value_sat: Some(to_countersignatory_value) } => {
 
 					let nondust_htlcs = htlc_outputs.iter().filter_map(|(htlc, _)| {
-						htlc.transaction_output_index.map(|_| (htlc.clone(), None))
+						htlc.transaction_output_index.map(|_| htlc).cloned()
 					}).collect::<Vec<_>>();
 
 					let commitment_tx = self.build_counterparty_commitment_tx(commitment_number,
@@ -5620,21 +5620,21 @@ mod tests {
 				{
 					let mut res = Vec::new();
 					for (idx, preimage) in $preimages_slice.iter().enumerate() {
-						res.push((HTLCOutputInCommitment {
+						res.push(HTLCOutputInCommitment {
 							offered: true,
 							amount_msat: 0,
 							cltv_expiry: 0,
 							payment_hash: preimage.1.clone(),
 							transaction_output_index: Some(idx as u32),
-						}, ()));
+						});
 					}
 					res
 				}
 			}
 		}
 		macro_rules! preimages_slice_to_htlc_outputs {
 			($preimages_slice: expr) => {
-				preimages_slice_to_htlcs!($preimages_slice).into_iter().map(|(htlc, _)| (htlc, None)).collect()
+				preimages_slice_to_htlcs!($preimages_slice).into_iter().map(|htlc| (htlc, None)).collect()
 			}
 		}
 		let dummy_sig = crate::crypto::utils::sign(&secp_ctx,
@@ -5690,15 +5690,17 @@ mod tests {
 		let best_block = BestBlock::from_network(Network::Testnet);
 		let monitor = ChannelMonitor::new(
 			Secp256k1::new(), keys, Some(shutdown_script.into_inner()), 0, &ScriptBuf::new(),
-			&channel_parameters, true, 0, HolderCommitmentTransaction::dummy(0, &mut Vec::new()),
+			&channel_parameters, true, 0, HolderCommitmentTransaction::dummy(0, Vec::new()),
 			best_block, dummy_key, channel_id,
 		);
 
-		let mut htlcs = preimages_slice_to_htlcs!(preimages[0..10]);
-		let dummy_commitment_tx = HolderCommitmentTransaction::dummy(0, &mut htlcs);
+		let nondust_htlcs = preimages_slice_to_htlcs!(preimages[0..10]);
+		let dummy_commitment_tx = HolderCommitmentTransaction::dummy(0, nondust_htlcs);
+		// These HTLCs now have their output indices assigned
+		let nondust_htlcs = dummy_commitment_tx.nondust_htlcs();
 
 		monitor.provide_latest_holder_commitment_tx(dummy_commitment_tx.clone(),
-			htlcs.into_iter().map(|(htlc, _)| (htlc, Some(dummy_sig), Some(dummy_source.clone()))).collect());
+			nondust_htlcs.into_iter().map(|htlc| (htlc.clone(), Some(dummy_sig), Some(dummy_source.clone()))).collect());
 		monitor.provide_latest_counterparty_commitment_tx(Txid::from_byte_array(Sha256::hash(b"1").to_byte_array()),
 			preimages_slice_to_htlc_outputs!(preimages[5..15]), 281474976710655, dummy_key, &logger);
 		monitor.provide_latest_counterparty_commitment_tx(Txid::from_byte_array(Sha256::hash(b"2").to_byte_array()),
@@ -5733,21 +5735,25 @@ mod tests {
 
 		// Now update holder commitment tx info, pruning only element 18 as we still care about the
 		// previous commitment tx's preimages too
-		let mut htlcs = preimages_slice_to_htlcs!(preimages[0..5]);
-		let dummy_commitment_tx = HolderCommitmentTransaction::dummy(0, &mut htlcs);
+		let nondust_htlcs = preimages_slice_to_htlcs!(preimages[0..5]);
+		let dummy_commitment_tx = HolderCommitmentTransaction::dummy(0, nondust_htlcs);
+		// These HTLCs now have their output indices assigned
+		let nondust_htlcs = dummy_commitment_tx.nondust_htlcs();
 		monitor.provide_latest_holder_commitment_tx(dummy_commitment_tx.clone(),
-			htlcs.into_iter().map(|(htlc, _)| (htlc, Some(dummy_sig), Some(dummy_source.clone()))).collect());
+			nondust_htlcs.into_iter().map(|htlc| (htlc.clone(), Some(dummy_sig), Some(dummy_source.clone()))).collect());
 		secret[0..32].clone_from_slice(&<Vec<u8>>::from_hex("2273e227a5b7449b6e70f1fb4652864038b1cbf9cd7c043a7d6456b7fc275ad8").unwrap());
 		monitor.provide_secret(281474976710653, secret.clone()).unwrap();
 		assert_eq!(monitor.inner.lock().unwrap().payment_preimages.len(), 12);
 		test_preimages_exist!(&preimages[0..10], monitor);
 		test_preimages_exist!(&preimages[18..20], monitor);
 
 		// But if we do it again, we'll prune 5-10
-		let mut htlcs = preimages_slice_to_htlcs!(preimages[0..3]);
-		let dummy_commitment_tx = HolderCommitmentTransaction::dummy(0, &mut htlcs);
-		monitor.provide_latest_holder_commitment_tx(dummy_commitment_tx,
-			htlcs.into_iter().map(|(htlc, _)| (htlc, Some(dummy_sig), Some(dummy_source.clone()))).collect());
+		let nondust_htlcs = preimages_slice_to_htlcs!(preimages[0..3]);
+		let dummy_commitment_tx = HolderCommitmentTransaction::dummy(0, nondust_htlcs);
+		// These HTLCs now have their output indices assigned
+		let nondust_htlcs = dummy_commitment_tx.nondust_htlcs();
+		monitor.provide_latest_holder_commitment_tx(dummy_commitment_tx.clone(),
+			nondust_htlcs.into_iter().map(|htlc| (htlc.clone(), Some(dummy_sig), Some(dummy_source.clone()))).collect());
 		secret[0..32].clone_from_slice(&<Vec<u8>>::from_hex("27cddaa5624534cb6cb9d7da077cf2b22ab21e9b506fd4998a51d54502e99116").unwrap());
 		monitor.provide_secret(281474976710652, secret.clone()).unwrap();
 		assert_eq!(monitor.inner.lock().unwrap().payment_preimages.len(), 5);
@@ -5942,7 +5948,7 @@ mod tests {
 		let best_block = BestBlock::from_network(Network::Testnet);
 		let monitor = ChannelMonitor::new(
 			Secp256k1::new(), keys, Some(shutdown_script.into_inner()), 0, &ScriptBuf::new(),
-			&channel_parameters, true, 0, HolderCommitmentTransaction::dummy(0, &mut Vec::new()),
+			&channel_parameters, true, 0, HolderCommitmentTransaction::dummy(0, Vec::new()),
 			best_block, dummy_key, channel_id,
 		);
 

diff --git a/lightning/src/chain/onchaintx.rs b/lightning/src/chain/onchaintx.rs
@@ -1296,22 +1296,21 @@ mod tests {
 
 		// Create an OnchainTxHandler for a commitment containing HTLCs with CLTV expiries of 0, 1,
 		// and 2 blocks.
-		let mut htlcs = Vec::new();
+		let mut nondust_htlcs = Vec::new();
 		for i in 0..3 {
 			let preimage = PaymentPreimage([i; 32]);
 			let hash = PaymentHash(Sha256::hash(&preimage.0[..]).to_byte_array());
-			htlcs.push((
+			nondust_htlcs.push(
 				HTLCOutputInCommitment {
 					offered: true,
 					amount_msat: 10000,
 					cltv_expiry: i as u32,
 					payment_hash: hash,
 					transaction_output_index: Some(i as u32),
-				},
-				(),
-			));
+				}
+			);
 		}
-		let holder_commit = HolderCommitmentTransaction::dummy(1000000, &mut htlcs);
+		let holder_commit = HolderCommitmentTransaction::dummy(1000000, nondust_htlcs);
 		let destination_script = ScriptBuf::new();
 		let mut tx_handler = OnchainTxHandler::new(
 			1000000,

diff --git a/lightning/src/chain/package.rs b/lightning/src/chain/package.rs
@@ -1712,7 +1712,7 @@ mod tests {
 					payment_hash: PaymentHash::from(preimage),
 					transaction_output_index: None,
 				};
-				let commitment_tx = HolderCommitmentTransaction::dummy(0, &mut vec![(htlc.clone(), ())]);
+				let commitment_tx = HolderCommitmentTransaction::dummy(0, vec![htlc.clone()]);
 				let trusted_tx = commitment_tx.trust();
 				PackageSolvingData::HolderHTLCOutput(HolderHTLCOutput::build(
 					HTLCDescriptor {
@@ -1746,7 +1746,7 @@ mod tests {
 					payment_hash: PaymentHash::from(PaymentPreimage([2;32])),
 					transaction_output_index: None,
 				};
-				let commitment_tx = HolderCommitmentTransaction::dummy(0, &mut vec![(htlc.clone(), ())]);
+				let commitment_tx = HolderCommitmentTransaction::dummy(0, vec![htlc.clone()]);
 				let trusted_tx = commitment_tx.trust();
 				PackageSolvingData::HolderHTLCOutput(HolderHTLCOutput::build(
 					HTLCDescriptor {
@@ -1770,7 +1770,7 @@ mod tests {
 
 	macro_rules! dumb_funding_output {
 		() => {{
-			let commitment_tx = HolderCommitmentTransaction::dummy(0, &mut Vec::new());
+			let commitment_tx = HolderCommitmentTransaction::dummy(0, Vec::new());
 			let mut channel_parameters = ChannelTransactionParameters::test_dummy(0);
 			channel_parameters.channel_type_features = ChannelTypeFeatures::only_static_remote_key();
 			PackageSolvingData::HolderFundingOutput(HolderFundingOutput::build(

diff --git a/lightning/src/ln/chan_utils.rs b/lightning/src/ln/chan_utils.rs
diff --git a/lightning/src/ln/channel.rs b/lightning/src/ln/channel.rs
@@ -3956,9 +3956,9 @@ impl<SP: Deref> ChannelContext<SP> where SP::Target: SignerProvider {
 			remote_balance_before_fee_anchors_msat
 		} = stats;
 
-		let mut included_dust_htlcs: Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)> = Vec::new();
 		let num_htlcs = self.pending_inbound_htlcs.len() + self.pending_outbound_htlcs.len();
-		let mut included_non_dust_htlcs: Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)> = Vec::with_capacity(num_htlcs);
+		let mut htlcs_included: Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)> = Vec::with_capacity(num_htlcs);
+		let mut nondust_htlcs: Vec<HTLCOutputInCommitment> = Vec::with_capacity(num_htlcs);
 
 		log_trace!(logger, "Building commitment transaction number {} (really {} xor {}) for channel {} for {}, generated by {} with fee {}...",
 			commitment_number, (INITIAL_COMMITMENT_NUMBER - commitment_number),
@@ -3981,12 +3981,12 @@ impl<SP: Deref> ChannelContext<SP> where SP::Target: SignerProvider {
 		macro_rules! add_htlc_output {
 			($htlc: expr, $outbound: expr, $source: expr) => {
 				let htlc_in_tx = get_htlc_in_commitment!($htlc, $outbound == local);
+				htlcs_included.push((htlc_in_tx.clone(), $source));
 				if $htlc.is_dust(local, feerate_per_kw, broadcaster_dust_limit_sat, funding.get_channel_type()) {
 					log_trace!(logger, "   ...including {} {} dust HTLC {} (hash {}) with value {} due to dust limit", if $outbound { "outbound" } else { "inbound" }, $htlc.state, $htlc.htlc_id, $htlc.payment_hash, $htlc.amount_msat);
-					included_dust_htlcs.push((htlc_in_tx, $source));
 				} else {
 					log_trace!(logger, "   ...including {} {} HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $htlc.state, $htlc.htlc_id, $htlc.payment_hash, $htlc.amount_msat);
-					included_non_dust_htlcs.push((htlc_in_tx, $source));
+					nondust_htlcs.push(htlc_in_tx);
 				}
 			}
 		}
@@ -4047,19 +4047,47 @@ impl<SP: Deref> ChannelContext<SP> where SP::Target: SignerProvider {
 		let channel_parameters =
 			if local { funding.channel_transaction_parameters.as_holder_broadcastable() }
 			else { funding.channel_transaction_parameters.as_counterparty_broadcastable() };
-		let tx = CommitmentTransaction::new_with_auxiliary_htlc_data(commitment_number,
-		                                                             per_commitment_point,
-		                                                             to_broadcaster_value_sat,
-		                                                             to_countersignatory_value_sat,
-		                                                             feerate_per_kw,
-		                                                             &mut included_non_dust_htlcs,
-		                                                             &channel_parameters,
-		                                                             &self.secp_ctx,
+		let tx = CommitmentTransaction::new(
+			commitment_number,
+			per_commitment_point,
+			to_broadcaster_value_sat,
+			to_countersignatory_value_sat,
+			feerate_per_kw,
+			nondust_htlcs,
+			&channel_parameters,
+			&self.secp_ctx,
 		);
-		let mut htlcs_included = included_non_dust_htlcs;
-		// The unwrap is safe, because all non-dust HTLCs have been assigned an output index
-		htlcs_included.sort_unstable_by_key(|h| h.0.transaction_output_index.unwrap());
-		htlcs_included.append(&mut included_dust_htlcs);
+
+		// This populates the HTLC-source table with the indices from the HTLCs in the commitment
+		// transaction.
+		//
+		// This brute-force search is O(n^2) over ~1k HTLCs in the worst case. This case is very
+		// rare at the moment.
+		for nondust_htlc in tx.nondust_htlcs() {
+			let htlc = htlcs_included
+				.iter_mut()
+				.filter(|(htlc, _source)| htlc.transaction_output_index.is_none())
+				.find_map(|(htlc, _source)| {
+					if htlc.is_data_equal(nondust_htlc) {
+						Some(htlc)
+					} else {
+						None
+					}
+				})
+				.unwrap();
+			htlc.transaction_output_index = Some(nondust_htlc.transaction_output_index.unwrap());
+		}
+
+		// This places the non-dust HTLC-source pairs first, in the order they appear in the
+		// commitment transaction, followed by the dust HTLC-source pairs.
+		htlcs_included.sort_unstable_by(|(htlc_a, _), (htlc_b, _)| {
+			match (htlc_a.transaction_output_index, htlc_b.transaction_output_index) {
+				// `None` is smaller than `Some`, but we want `Some` ordered before `None` in the vector
+				(None, Some(_)) => cmp::Ordering::Greater,
+				(Some(_), None) => cmp::Ordering::Less,
+				(l, r) => cmp::Ord::cmp(&l, &r),
+			}
+		});
 
 		CommitmentData {
 			tx,

diff --git a/lightning/src/ln/functional_tests.rs b/lightning/src/ln/functional_tests.rs
@@ -746,14 +746,14 @@ pub fn test_update_fee_that_funder_cannot_afford() {
 		let local_chan_lock = per_peer_state.get(&nodes[1].node.get_our_node_id()).unwrap().lock().unwrap();
 		let local_chan = local_chan_lock.channel_by_id.get(&chan.2).and_then(Channel::as_funded).unwrap();
 		let local_chan_signer = local_chan.get_signer();
-		let mut htlcs: Vec<(HTLCOutputInCommitment, ())> = vec![];
-		let commitment_tx = CommitmentTransaction::new_with_auxiliary_htlc_data(
+		let nondust_htlcs: Vec<HTLCOutputInCommitment> = vec![];
+		let commitment_tx = CommitmentTransaction::new(
 			INITIAL_COMMITMENT_NUMBER - 1,
 			&remote_point,
 			push_sats,
 			channel_value - push_sats - commit_tx_fee_msat(non_buffer_feerate + 4, 0, &channel_type_features) / 1000,
 			non_buffer_feerate + 4,
-			&mut htlcs,
+			nondust_htlcs,
 			&local_chan.funding.channel_transaction_parameters.as_counterparty_broadcastable(),
 			&secp_ctx,
 		);
@@ -831,16 +831,16 @@ pub fn test_update_fee_that_saturates_subs() {
 		let local_chan_lock = per_peer_state.get(&nodes[1].node.get_our_node_id()).unwrap().lock().unwrap();
 		let local_chan = local_chan_lock.channel_by_id.get(&chan_id).and_then(Channel::as_funded).unwrap();
 		let local_chan_signer = local_chan.get_signer();
-		let mut htlcs: Vec<(HTLCOutputInCommitment, ())> = vec![];
-		let commitment_tx = CommitmentTransaction::new_with_auxiliary_htlc_data(
+		let nondust_htlcs: Vec<HTLCOutputInCommitment> = vec![];
+		let commitment_tx = CommitmentTransaction::new(
 			INITIAL_COMMITMENT_NUMBER,
 			&remote_point,
 			8500,
 			// Set a zero balance here: this is the transaction that node 1 will expect a signature for, as
 			// he will do a saturating subtraction of the total fees from node 0's balance.
 			0,
 			FEERATE,
-			&mut htlcs,
+			nondust_htlcs,
 			&local_chan.funding.channel_transaction_parameters.as_counterparty_broadcastable(),
 			&secp_ctx,
 		);
@@ -1565,13 +1565,13 @@ pub fn test_fee_spike_violation_fails_htlc() {
 		let local_chan_lock = per_peer_state.get(&nodes[1].node.get_our_node_id()).unwrap().lock().unwrap();
 		let local_chan = local_chan_lock.channel_by_id.get(&chan.2).and_then(Channel::as_funded).unwrap();
 		let local_chan_signer = local_chan.get_signer();
-		let commitment_tx = CommitmentTransaction::new_with_auxiliary_htlc_data(
+		let commitment_tx = CommitmentTransaction::new(
 			commitment_number,
 			&remote_point,
 			95000,
 			local_chan_balance,
 			feerate_per_kw,
-			&mut vec![(accepted_htlc_info, ())],
+			vec![accepted_htlc_info],
 			&local_chan.funding.channel_transaction_parameters.as_counterparty_broadcastable(),
 			&secp_ctx,
 		);