Skip to content

Release held LSPS2 HTLCs when abandoning JIT opens #4703

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
tnull merged 1 commit into from
Jun 18, 2026
+139 −16
Merged

Release held LSPS2 HTLCs when abandoning JIT opens #4703

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 20 additions & 16 deletions lightning-liquidity/src/lsps2/service.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1316,6 +1316,8 @@ where
/// This removes the intercept SCID, any outbound channel state, and associated
/// channel‐ID mappings for the specified `user_channel_id`, but only while no payment
/// has been forwarded yet and no channel has been opened on-chain.
/// Any held HTLCs for the pending flow are failed backwards before the local state
/// is removed.
///
/// Returns an error if:
/// - there is no channel matching `user_channel_id`, or
Expand Down Expand Up @@ -1351,25 +1353,27 @@ where

let jit_channel = peer_state
.outbound_channels_by_intercept_scid
.get(&intercept_scid)
.get_mut(&intercept_scid)
.ok_or_else(|| APIError::APIMisuseError {
err: format!(
"Failed to map intercept_scid {} for user_channel_id {} to a channel.",
intercept_scid, user_channel_id,
),
})?;
err: format!(
"Failed to map intercept_scid {} for user_channel_id {} to a channel.",
intercept_scid, user_channel_id,
),
})?;

let is_pending = matches!(
jit_channel.state,
OutboundJITChannelState::PendingInitialPayment { .. }
| OutboundJITChannelState::PendingChannelOpen { .. }
);
let intercepted_htlcs = match &mut jit_channel.state {

@tnull tnull Jun 17, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need all this seemingly unrelated refactoring?

@joostjager joostjager Jun 18, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Which one do you mean exactly?

We need to get and drain the payment queue, and by putting the return in the _ arm, not another bool is needed.

@tnull tnull Jun 18, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, originally this code had matches and ifs all over the place, so we spent some time before making it more readable. Moving things to dedicated bools was part of that effort of making the code more readable when read top to bottom. Any case, it's not too terrible, but IMO a step back.

OutboundJITChannelState::PendingInitialPayment { payment_queue }
| OutboundJITChannelState::PendingChannelOpen { payment_queue, .. } => payment_queue.clear(),
_ => {
return Err(APIError::APIMisuseError {
err: "Cannot abandon channel open after channel creation or payment forwarding"
.to_string(),
});
},
};

if !is_pending {
return Err(APIError::APIMisuseError {
err: "Cannot abandon channel open after channel creation or payment forwarding"
.to_string(),
});
for htlc in intercepted_htlcs {
let _ = self.channel_manager.get_cm().fail_intercepted_htlc(htlc.intercept_id);
}

peer_state.intercept_scid_by_user_channel_id.remove(&user_channel_id);

@ldk-claude-review-bot ldk-claude-review-bot Jun 18, 2026

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This cleanup removes the three per-peer maps (intercept_scid_by_user_channel_id, outbound_channels_by_intercept_scid, intercept_scid_by_channel_id) but never removes the global self.peer_by_intercept_scid entry for intercept_scid. channel_closed does remove it (line 1299), so abandon leaves a stale global mapping.

Consequence: after abandon, peer_by_intercept_scid still resolves the scid to this peer, but outbound_channels_by_intercept_scid no longer has it. A late/retransmitted HTLC for that scid will pass the if let Some(counterparty_node_id) check at line 1013, fall through the inner if let Some(jit_channel) at line 1020 (now None), and return Ok(()) at line 1092 without failing the HTLC — so it stays held until CLTV timeout. The entry also leaks permanently. The PR description states it "removes the stale intercept SCID lookup," but the global lookup is not removed. Consider self.peer_by_intercept_scid.write().unwrap().remove(&intercept_scid); here (mind lock ordering: do it outside the per_peer_state read guard scope, as channel_closed does).

@joostjager joostjager Jun 18, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We decided to only do the minimal fix

@tnull tnull Jun 18, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See below, maybe we should still leave 1-2 TODO comments?

@tnull tnull Jun 18, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Codex:

  • P2 /home/tnull/worktrees/rust-lightning/pr-4703/lightning-liquidity/src/lsps2/service.rs:1379: channel_open_abandoned removes the per-peer channel state
    and maps, but still leaves peer_by_intercept_scid populated. A later payer retry or additional MPP shard to the same abandoned SCID will hit the stale
    global map in htlc_intercepted and then fall through when no per-peer channel exists, returning Ok(()) without failing or forwarding the HTLC. The new test
    only checks the already-held intercept. The abandon path should also remove the global SCID mapping, or htlc_intercepted should treat this missing-channel
    case as unhandled/error.

Given we decided to not fully fix all cases, should we at least leave 1-2 TODOs in the respective places so we don't forget to revisit them?

Expand Down
119 changes: 119 additions & 0 deletions lightning-liquidity/tests/lsps2_integration_tests.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -682,6 +682,125 @@ fn channel_open_abandoned() {
assert!(result.is_err());
}

#[test]
fn channel_open_abandoned_releases_intercepted_htlcs() {
let chanmon_cfgs = create_chanmon_cfgs(3);
let node_cfgs = create_node_cfgs(3, &chanmon_cfgs);
let mut service_node_config = test_default_channel_config();
service_node_config.htlc_interception_flags = HTLCInterceptionFlags::ToInterceptSCIDs as u8;

let mut client_node_config = test_default_channel_config();
client_node_config.channel_config.accept_underpaying_htlcs = true;

let node_chanmgrs = create_node_chanmgrs(
3,
&node_cfgs,
&[Some(service_node_config), Some(client_node_config), None],
);
let nodes = create_network(3, &node_cfgs, &node_chanmgrs);
let (lsps_nodes, promise_secret) = setup_test_lsps2_nodes_with_payer(nodes);
let LSPSNodesWithPayer { ref service_node, ref client_node, ref payer_node } = lsps_nodes;

let payer_node_id = payer_node.node.get_our_node_id();
let service_node_id = service_node.inner.node.get_our_node_id();
let client_node_id = client_node.inner.node.get_our_node_id();

let service_handler = service_node.liquidity_manager.lsps2_service_handler().unwrap();
create_chan_between_nodes_with_value(&payer_node, &service_node.inner, 2_000_000, 100_000);

let intercept_scid = service_node.node.get_intercept_scid();
let user_channel_id = 42u128;
let cltv_expiry_delta: u32 = 144;
let payment_size_msat = Some(1_000_000);
let fee_base_msat: u64 = 1_000;

execute_lsps2_dance(
&lsps_nodes,
intercept_scid,
user_channel_id,
cltv_expiry_delta,
promise_secret,
payment_size_msat,
fee_base_msat,
);

let invoice = create_jit_invoice(
&client_node,
service_node_id,
intercept_scid,
cltv_expiry_delta,
payment_size_msat,
"channel-open-abandoned-cleanup",
3600,
)
.unwrap();

payer_node
.node
.pay_for_bolt11_invoice(
&invoice,
PaymentId(invoice.payment_hash().0),
None,
OptionalBolt11PaymentParams::default(),
)
.unwrap();

check_added_monitors(&payer_node, 1);
let events = payer_node.node.get_and_clear_pending_msg_events();
let ev = SendEvent::from_event(events[0].clone());
service_node.inner.node.handle_update_add_htlc(payer_node_id, &ev.msgs[0]);
do_commitment_signed_dance(&service_node.inner, &payer_node, &ev.commitment_msg, false, true);
service_node.inner.node.process_pending_htlc_forwards();

let events = service_node.inner.node.get_and_clear_pending_events();
assert_eq!(events.len(), 1);
let intercept_id = match &events[0] {
Event::HTLCIntercepted {
intercept_id,
requested_next_hop_scid,
payment_hash,
expected_outbound_amount_msat,
..
} => {
assert_eq!(*requested_next_hop_scid, intercept_scid);
service_handler
.htlc_intercepted(
*requested_next_hop_scid,
*intercept_id,
*expected_outbound_amount_msat,
*payment_hash,
)
.unwrap();
*intercept_id
},
other => panic!("Expected HTLCIntercepted, got {:?}", other),
};

match service_node.liquidity_manager.next_event().unwrap() {
LiquidityEvent::LSPS2Service(LSPS2ServiceEvent::OpenChannel { .. }) => {},
other => panic!("Unexpected event: {:?}", other),
};

service_handler.channel_open_abandoned(&client_node_id, user_channel_id).unwrap();

let res = service_node.inner.node.fail_intercepted_htlc(intercept_id);
assert!(
res.is_err(),
"channel_open_abandoned must release the intercepted HTLC via fail_intercepted_htlc, but the entry is still pending: {:?}",
res,
);

let events = service_node.inner.node.get_and_clear_pending_events();
assert_eq!(events.len(), 1);
match &events[0] {
Event::HTLCHandlingFailed {
failure_type: HTLCHandlingFailureType::InvalidForward { requested_forward_scid },
..
} => assert_eq!(*requested_forward_scid, intercept_scid),
other => panic!("Expected HTLCHandlingFailed, got {:?}", other),
}
}

#[test]
fn channel_open_abandoned_nonexistent_channel() {
let chanmon_cfgs = create_chanmon_cfgs(2);
Expand Down