Skip to content

Releases: lightningdevkit/rust-lightning

v0.1.0-beta1

22 Dec 23:23
66f794c
Compare
Choose a tag to compare
v0.1.0-beta1 Pre-release
Pre-release

Release notes forthcoming.

v0.0.125

02 Dec 18:25
e80d632
Compare
Choose a tag to compare

0.0.125 - Oct 14, 2024 - "Delayed Beta Testing"

Bug Fixes

  • On upgrade to 0.0.124, channels which were at a steady-state (i.e. for which
    the counterparty has received our latest revoke_and_ack message) will
    force-close upon receiving the next channel state update from our
    counterparty. When built with debug assertions a debug assertion failure will
    occur instead (#3362).
  • Listeners in a ChainListenerSet will now have their block_connected
    method called, when appropriate, rather than always having their
    filtered_block_connected method called with full block data (#3354).
  • Routefinding historical liquidity channel scores were made more consistent
    for channels which have very little data which has been decayed (#3362).
  • A debug assertion failure when adding nodes to the network graph after
    removal of nodes from the network graph was fixed (#3362).

In total, this release features 6 files changed, 32 insertions, 7
deletions in 5 commits since 0.0.124 from 2 authors, in alphabetical order:

  • Elias Rohrer
  • Matt Corallo

v0.0.124

04 Sep 19:07
b023eed
Compare
Choose a tag to compare

0.0.124 - Sep 3, 2024 - "Papercutting Feature Requests"

API Updates

  • rust-bitcoin has been updated to 0.32. The new bitcoin-io crate is now
    used for all IO traits, irrespective of the features set on LDK crates.
    LDK crates no longer automatically force features on dependent crates where
    possible, allowing different std/no-std settings between LDK and
    rust-bitcoin crates (e.g. to disable std on LDK to ensure system time is
    not accessed while using bitcoin-io's std feature). (#3063, #3239, #3249).
  • A new lightning_types crate was added which contains various top-level
    types. Using types from lightning::ln::features or
    Payment{Hash,Preimage,Secret} from lightning::ln or
    lightning::ln::types is now deprecated. The new crate is re-exported as
    lightning::types (#3234, #3253).
  • lightning now depends on lightning-invoice, rather than the other way
    around. The lightning_invoice::payment module has moved to
    lightning::ln::bolt11_payment and lightning_invoice::utils to
    lightning::ln::invoice_utils (#3234).
  • Event handlers may now return errors, causing most events to be replayed
    immediately without blocking the background processor. See documentation on
    individual Events for more information on replay (#2995).
  • ChannelDetails::balance_msat is deprecated in favor of
    ChainMonitor::get_claimable_balances and the Balance, which now contains
    substantially more details and more accurately calculates a node-wide
    balance when Balance::claimable_amount_satoshis are summed (#3212, #3247).
  • ConfirmationTarget has two new variants - a MaximumFeeEstimate which can
    help to avoid spurious force-closes by ensuring we always accept feerates up
    to this value from peers as sane and a UrgentOnChainSweep, replacing
    OnChainSweep and only being used when the on-chain sweep is urgent (#3268).
  • All ChannelMonitors are no longer persisted after each block connection,
    instead spreading them out over a handful of blocks to reduce load spikes.
    Note that this will increase the incidence of ChannelMonitors that have
    different best blocks on startup, requiring some additional chain replay
    (but only on some ChannelMonitors) on startup for Listen users (#2966).
  • A new format for Rapid Gossip Sync data is now supported which contains
    additional node metadata and is more extensible (#3098).
  • ChannelManager::send_payment_with_route is now deprecated in favor of the
    much easier to use Channelmanager::send_payment. Those who wish to manually
    select the route such payments go over should do so by matching the
    payment_id passed to send_payment in Router::find_route_with_id (#3224)
  • lightning-transaction-sync now takes most Confirms as a generic Deref.
    You may need an explicit as &(dyn Confirm) to update existing code (#3101).
  • HTLCs will now be forwarded over any channel with a peer, rather than only
    the specific channel requested by the payment sender (#3127).
  • Event::PaymentFailed is now used in place of Event::InvoiceRequestFailed,
    holding an Option for the payment hash, which will be None when no
    invoice has been received (#3192).
  • ChannelManager now supports intercepting and manually paying
    Bolt12Invoices, see UserConfig::manually_handle_bolt12_invoices (#3078).
  • logger::Records now contain a PaymentHash (#2930).
  • ChainMonitor no longer uses an opaque MonitorUpdateId, opting to reuse
    the ChannelMonitorUpdate::update_id instead. Note that you no longer have
    to call ChainMonitor::channel_monitor_updated for
    ChannelMonitorUpdateStatus::InProgress updates to a monitor that were
    started without a ChannelMonitorUpdate (#2957).
  • NodeAnnouncementInfo is now an enum holding either a gossip message or
    the important fields, reducing the memory usage of NetworkGraph (#3072).
  • Onion message handlers now include a message context, which allows for
    blinded path authentication (#3085, #3202).
  • ChannelManager now supports funding with only a txid and output index, see
    ChannelManager::unsafe_manual_funding_transaction_generated (#3024).
  • BOLT 12 invoice requests now go out over, and accept responses over, multiple
    paths (#3087).
  • OnionMessenger now supports intercepting and re-forwarding onion messages
    for peers that are offline at the time of receipt when constructed with
    new_with_offline_peer_interception (#2973).
  • Onion message handling trait methods now generally take a Responder which
    can be used to create a ResponseInstruction to better control how responses
    are sent. The ResponseInstruction can also be converted to
    MessageSendInstructions which can be passed to OnionMessenger's
    send_onion_message to respond asynchronously (#2907, #2996, #3263).
  • OnionMessenger::process_pending_events_async was added (#3060).
  • Blinded paths used for BOLT 12 Offer/Refunds are now compact when they
    expire relatively soon, making them somewhat smaller (#3011, #3080).
  • ChannelManager::force_close_* now take a err msg to send to peers (#2889).
  • ChannelDetails::is_public has been renamed to is_announced and
    ChannelHandshakeConfig::announced_channel to announce_for_forwarding to
    address various misconceptions about the purpose of announcement (#3257).
  • BlindedPaths are now split into BlindedMessagePaths and
    BlindedPaymentPaths and advance_path_by_one added to each (#3182).
  • BlindedPaymentPath now includes the BlindedPayInfo (#3245).
  • BOLT 12 Offer/Refund builders no longer require a description, instead
    allowing it to be set on the builder itself (#3018).
  • The {Inbound,Outbound}HTLCState{,Details} and ChannelDetails structs have
    moved to the ln::channel_state module (#3089).
  • Event::OpenChannelRequest now contains params and is_announced (#3019).
  • Peers are no longer disconnected when we force-close a channel (#3088).
  • BOLT12 Offer and Refund now implement Readable (#2965).
  • RecipientOnionFields is now included in Event::PaymentClaimed (#3084).
  • ClosureReason::HolderForceClosed::broadcasted_latest_txn was added (#3107).
  • EcdsaChannelSigner no longer needs to be Writeable and the supertrait
    WriteableEcdsaChannelSigner has been removed (#3059).
  • CustomMessageHandler::peer_{,dis}connected were added (#3105).
  • lightning_invoice::Description::as_inner() was added (#3203).
  • Splice-related wire messages have been updated to the latest spec (#3129).

Bug Fixes

  • channel_update messages are no longer extracted from failed payments and
    applied to the network graph via Event::PaymentPathFailed, preventing a
    node along the path from identifying the sender of a payment (#3083).
  • In order to prevent senders from identifying the recipient of a BOLT 12 offer
    that included a blinded path, cryptographic information from blinded paths
    are now included in the invoice request verification (#3085, #3139, #3242).
  • Routes are now length-limited based on the actual onion contents rather than
    a fixed value. This ensures no routes are generated that are unpayable when
    sending HTLCs with custom TLVs, blinded paths, or metadata (#3026, #3156).
  • Unannounced LDK nodes (or ones without a network graph) will now include
    unannounced peers as introduction points in blinded paths. This addresses
    issues where test networks were not usable for BOLT 12 due to failures to
    find paths over private channels to LDK nodes. It will also enable creating
    BOLT 12 offers for nodes with no local network graph (#3132).
  • If a channel partner fails to update the feerate on a channel for some time
    and prevailing network feerates increase, LDK will now force-close
    automatically to avoid being unable to claim our funds on-chain. In order to
    reduce false-positives, it does so by comparing the channel's fee against the
    minimum ConfirmationTarget::MinAllowed{,Non}AnchorChannelRemoteFee we've
    seen over the past day (and do not force-close if we haven't been running for
    a full day, #3037).
  • MonitorUpdatingPersister did not read ChannelMonitorUpdates when
    archiving a ChannelMonitor, causing the archived ChannelMonitor to be
    missing some updates. Those updates were not removed from the KVStore and
    monitors being archived should have no pending updates as they were persisted
    on each new block for some time before archiving (#3276).
  • CoinSelections selected for commitment transactions which did not contain a
    change output no longer result in broadcasting a non-standard transaction nor
    in under-paying the target feerate (#3285). Note that such a transaction
    would fail to propagate and LDK would have continued to bump the fee until a
    different CoinSelection is used which did contain a change output.
  • invoice_errors from BOLT 12 recipients now fail payments (#3085, #3192).
  • Fixed a bug which may lead to a missing Event::ChannelClosed and missing
    Error messages for peers when a bogus funding transaction is provided for a
    batch channel open (#3029).
  • Fixed an overflow in RawBolt11Invoice::amount_pico_btc() reachable via
    Bolt11Invoice::amount_milli_satoshis(), resulting in a debug panic or bogus
    value for invoices with invalid values (#3032).
  • In incredibly rare circumstances, when using the beta asynchronous
    persistence, it is possible that the preimage for an MPP claim could fail to
    be persisted in the ChannelMonitor for one or more MPP parts, resulting in
    only some of the payment's value being claimed (#3120).
  • A rare race was fixed which could lead to ChannelMonitorUpdates appearing
    after a full ChannelMonitor persistence th...
Read more

v0.0.123

09 May 00:20
475f736
Compare
Choose a tag to compare

v0.0.123 - May 08, 2024 - "BOLT12 Dust Sweeping"

API Updates

  • To reduce risk of force-closures and improve HTLC reliability the default
    dust exposure limit has been increased to
    MaxDustHTLCExposure::FeeRateMultiplier(10_000). Users with existing
    channels might want to consider using
    ChannelManager::update_channel_config to apply the new default (#3045).
  • ChainMonitor::archive_fully_resolved_channel_monitors is now provided to
    remove from memory ChannelMonitors that have been fully resolved on-chain
    and are now not needed. It uses the new Persist::archive_persisted_channel
    to inform the storage layer that such a monitor should be archived (#2964).
  • An OutputSweeper is now provided which will automatically sweep
    SpendableOutputDescriptors, retrying until the sweep confirms (#2825).
  • After initiating an outbound channel, a peer disconnection no longer results
    in immediate channel closure. Rather, if the peer is reconnected before the
    channel times out LDK will automatically retry opening it (#2725).
  • PaymentPurpose now has separate variants for BOLT12 payments, which
    include fields from the invoice_request as well as the OfferId (#2970).
  • ChannelDetails now includes a list of in-flight HTLCs (#2442).
  • Event::PaymentForwarded now includes skimmed_fee_msat (#2858).
  • The hashbrown dependency has been upgraded and the use of ahash as the
    no-std hash table hash function has been removed. As a consequence, LDK's
    Hash{Map,Set}s no longer feature several constructors when LDK is built
    with no-std; see the util::hash_tables module instead. On platforms that
    getrandom supports, setting the possiblyrandom/getrandom feature flag
    will ensure hash tables are resistant to HashDoS attacks, though the
    possiblyrandom crate should detect most common platforms (#2810, #2891).
  • ChannelMonitor-originated requests to the ChannelSigner can now fail and
    be retried using ChannelMonitor::signer_unblocked (#2816).
  • SpendableOutputDescriptor::to_psbt_input now includes the witness_script
    where available as well as new proprietary data which can be used to
    re-derive some spending keys from the base key (#2761, #3004).
  • OutPoint::to_channel_id has been removed in favor of
    ChannelId::v1_from_funding_outpoint in preparation for v2 channels with a
    different ChannelId derivation scheme (#2797).
  • PeerManager::get_peer_node_ids has been replaced with list_peers and
    peer_by_node_id, which provide more details (#2905).
  • Bolt11Invoice::get_payee_pub_key is now provided (#2909).
  • Default[Message]Router now take an entropy_source argument (#2847).
  • ClosureReason::HTLCsTimedOut has been separated out from
    ClosureReason::HolderForceClosed as it is the most common case (#2887).
  • ClosureReason::CooperativeClosure is now split into
    {Counterparty,Locally}Initiated variants (#2863).
  • Event::ChannelPending::channel_type is now provided (#2872).
  • PaymentForwarded::{prev,next}_user_channel_id are now provided (#2924).
  • Channel init messages have been refactored towards V2 channels (#2871).
  • BumpTransactionEvent now contains the channel and counterparty (#2873).
  • util::scid_utils is now public, with some trivial utilities to examine
    short channel ids (#2694).
  • DirectedChannelInfo::{source,target} are now public (#2870).
  • Bounds in lightning-background-processor were simplified by using
    AChannelManager (#2963).
  • The Persist impl for KVStore no longer requires Sized, allowing for
    the use of dyn KVStore as Persist (#2883, #2976).
  • From<PaymentPreimage> is now implemented for PaymentHash (#2918).
  • NodeId::from_slice is now provided (#2942).
  • ChannelManager deserialization may now fail with DangerousValue when
    LDK's persistence API was violated (#2974).

Bug Fixes

  • Excess fees on counterparty commitment transactions are now included in the
    dust exposure calculation. This lines behavior up with some cases where
    transaction fees can be burnt, making them effectively dust exposure (#3045).
  • Futures used as an std::...::Future could grow in size unbounded if it
    was never woken. For those not using async persistence and using the async
    lightning-background-processor, this could cause a memory leak in the
    ChainMonitor (#2894).
  • Inbound channel requests that fail in
    ChannelManager::accept_inbound_channel would previously have stalled from
    the peer's perspective as no error message was sent (#2953).
  • Blinded path construction has been tuned to select paths more likely to
    succeed, improving BOLT12 payment reliability (#2911, #2912).
  • After a reorg, lightning-transaction-sync could have failed to follow a
    transaction that LDK needed information about (#2946).
  • RecipientOnionFields' custom_tlvs are now propagated to recipients when
    paying with blinded paths (#2975).
  • Event::ChannelClosed is now properly generated and peers are properly
    notified for all channels that as a part of a batch channel open fail to be
    funded (#3029).
  • In cases where user event processing is substantially delayed such that we
    complete multiple round-trips with our peers before a PaymentSent event is
    handled and then restart without persisting the ChannelManager after having
    persisted a ChannelMonitor[Update], on startup we may have Errd trying to
    deserialize the ChannelManager (#3021).
  • If a peer has relatively high latency, PeerManager may have failed to
    establish a connection (#2993).
  • ChannelUpdate messages broadcasted for our own channel closures are now
    slightly more robust (#2731).
  • Deserializing malformed BOLT11 invoices may have resulted in an integer
    overflow panic in debug builds (#3032).
  • In exceedingly rare cases (no cases of this are known), LDK may have created
    an invalid serialization for a ChannelManager (#2998).
  • Message processing latency handling BOLT12 payments has been reduced (#2881).
  • Latency in processing Event::SpendableOutputs may be reduced (#3033).

Node Compatibility

  • LDK's blinded paths were inconsistent with other implementations in several
    ways, which have been addressed (#2856, #2936, #2945).
  • LDK's messaging blinded paths now support the latest features which some
    nodes may begin relying on soon (#2961).
  • LDK's BOLT12 structs have been updated to support some last-minute changes to
    the spec (#3017, #3018).
  • CLN v24.02 requires the gossip_queries feature for all peers, however LDK
    by default does not set it for those not using a P2PGossipSync (e.g. those
    using RGS). This change was reverted in CLN v24.02.2 however for now LDK
    always sets the gossip_queries feature. This change is expected to be
    reverted in a future LDK release (#2959).

Security

0.0.123 fixes a denial-of-service vulnerability which we believe to be reachable
from untrusted input when parsing invalid BOLT11 invoices containing non-ASCII
characters.

  • BOLT11 invoices with non-ASCII characters in the human-readable-part may
    cause an out-of-bounds read attempt leading to a panic (#3054). Note that all
    BOLT11 invoices containing non-ASCII characters are invalid.

In total, this release features 150 files changed, 19307 insertions, 6306
deletions in 360 commits since 0.0.121 from 17 authors, in alphabetical order:

  • Arik Sosman
  • Duncan Dean
  • Elias Rohrer
  • Evan Feenstra
  • Jeffrey Czyz
  • Keyue Bao
  • Matt Corallo
  • Orbital
  • Sergi Delgado Segura
  • Valentine Wallace
  • Willem Van Lint
  • Wilmer Paulino
  • benthecarman
  • jbesraa
  • olegkubrakov
  • optout
  • shaavan

v0.0.122

09 Apr 20:26
27e5519
Compare
Choose a tag to compare

0.0.122 - Apr 09, 2024 - "That Which Is Untested Is Broken"

Bug Fixes

  • Route objects did not successfully round-trip through de/serialization
    since LDK 0.0.117, which has now been fixed (#2897).
  • Correct deserialization of unknown future enum variants. This ensures
    downgrades from future versions of LDK do not result in read failures or
    corrupt reads in cases where enums are written (#2969).
  • When hitting lnd bug 6039, our workaround previously resulted in
    ChannelManager persistences on every round-trip with our peer. These
    useless persistences are now skipped (#2937).

In total, this release features 4 files changed, 99 insertions, 55
deletions in 6 commits from 1 author, in alphabetical order:

  • Matt Corallo

v0.0.121

09 Apr 20:25
4bab9c8
Compare
Choose a tag to compare

0.0.121 - Jan 22, 2024 - "Unwraps are Bad"

Bug Fixes

  • Fix a deadlock when calling batch_funding_transaction_generated with
    invalid input (#2841).

Security

0.0.121 fixes a denial-of-service vulnerability which is reachable from
untrusted input from peers in rare cases if we have a public channel or in
common cases if P2PGossipSync is used.

  • A peer that failed to complete its handshake would cause a reachable
    unwrap in LDK since 0.0.119 when LDK attempts to broadcast gossip to all
    peers (#2842).

In total, this release features 4 files changed, 52 insertions, 10
deletions in 4 commits from 2 authors, in alphabetical order:

  • Jeffrey Czyz
  • Matt Corallo

v0.0.120

17 Jan 23:44
5592378
Compare
Choose a tag to compare

v0.0.120 - Jan 17, 2024 - "Unblinded Fuzzers"

API Updates

  • The PeerManager bound on UtxoLookup was removed entirely. This enables
    use of UtxoLookup in cases broken in 0.0.119 by #2773 (#2822).
  • LDK now exposes and fully implements the route blinding feature (#2812).
  • The lightning-transaction-sync crate no longer relies on system time
    without the time feature (#2799, #2817).
  • lightning::onion_message's module layout has changed (#2821).
  • Event::ChannelClosed now includes the channel_funding_txo (#2800).
  • CandidateRouteHop variants were destructured into individual structs,
    hiding some fields which were not generally consumable (#2802).

Bug Fixes

  • Fixed a rare issue where lightning-net-tokio may not fully flush its send
    buffer, leading to connection hangs (#2832).
  • Fixed a panic which may occur when connecting to a peer if we opened a second
    channel with that peer while they were disconnected (#2808).
  • Retries for a payment which previously failed in a blinded path will now
    always use an alternative blinded path (#2818).
  • Feature's Eq and Hash implementation now ignore dummy bytes (#2808).
  • Some missing DiscardFunding or ChannelClosed events are now generated in
    rare funding-related failures (#2809).
  • Fixed a privacy issue in blinded path generation where the real
    cltv_expiry_delta would be exposed to senders (#2831).

Security

0.0.120 fixes a denial-of-service vulnerability which is reachable from
untrusted input from peers if the UserConfig::manually_accept_inbound_channels
option is enabled.

  • A peer that sent an open_channel message with the channel_type field
    unfilled would trigger a reachable unwrap since LDK 0.0.117 (#2808).
  • In protocols where a funding output is shared with our counterparty before
    it is given to LDK, a malicious peer could have caused a reachable panic
    by reusing the same funding info in (#2809).

In total, this release features 67 files changed, 3016 insertions, 2473
deletions in 79 commits from 9 authors, in alphabetical order:

  • Elias Rohrer
  • Jeffrey Czyz
  • José A.P
  • Matt Corallo
  • Tibo-lg
  • Valentine Wallace
  • benthecarman
  • optout
  • shuoer86

v0.0.119

16 Jan 02:18
4deb263
Compare
Choose a tag to compare

v0.0.119 - Dec 15, 2023 - "Spring Cleaning for Christmas"

API Updates

  • The LDK crate ecosystem MSRV has been increased to 1.63 (#2681).
  • The bitcoin dependency has been updated to version 0.30 (#2740).
  • lightning-invoice::payment::* have been replaced with parameter generation
    via payment_parameters_from[_zero_amount]_invoice (#2727).
  • {CoinSelection,Wallet}Source::sign_tx are now sign_psbt, providing more
    information, incl spent outputs, about the transaction being signed (#2775).
  • Logger Records now include channel_id and peer_id fields. These are
    opportunistically filled in when a log record is specific to a given channel
    and/or peer, and may occasionally be spuriously empty (#2314).
  • When handling send or reply onion messages (e.g. for BOLT12 payments), a new
    Event::ConnectionNeeded may be raised, indicating a direct connection
    should be made to a payee or an introduction point. This event is expected to
    be removed once onion message forwarding is widespread in the network (#2723)
  • Scoring data decay now happens via ScoreUpDate::time_passed, called from
    lightning-background-processor. process_events_async now takes a new
    time-fetch function, and ScoreUpDate methods now take the current time as a
    Duration argument. This avoids fetching time during pathfinding (#2656).
  • Receiving payments to multi-hop blinded paths is now supported (#2688).
  • MessageRouter and Router now feature methods to generate blinded paths to
    the local node for incoming messages and payments. Router now extends
    MessageRouter, and both are used in ChannelManager when processing or
    creating BOLT12 structures to generate multi-hop blinded paths (#1781).
  • lightning-transaction-sync now supports Electrum-based sync (#2685).
  • Confirm::get_relevant_txids now returns the height at which a transaction
    was confirmed. This can be used to assist in reorg detection (#2685).
  • ConfirmationTarget::MaxAllowedNonAnchorChannelRemoteFee has been removed.
    Non-anchor channel feerates are bounded indirectly through
    ChannelConfig::max_dust_htlc_exposure (#2696).
  • lightning-invoice Descriptions now rely on UntrustedString for
    sanitization (#2730).
  • ScoreLookUp::channel_penalty_msat now uses CandidateRouteHop (#2551).
  • The EcdsaChannelSigner trait was moved to lightning::sign::ecdsa (#2512).
  • SignerProvider::get_destination_script now takes channel_keys_id (#2744)
  • SpendableOutputDescriptor::StaticOutput now has channel_keys_id (#2749).
  • EcdsaChannelSigner::sign_counterparty_commitment now takes HTLC preimages
    for both inbound and outbound HTLCs (#2753).
  • ClaimedHTLC now includes a counterparty_skimmed_fee_msat field (#2715).
  • peel_payment_onion was added to decode an encrypted onion for a payment
    without receiving an HTLC. This allows for stateless verification of if a
    theoretical payment would be accepted prior to receipt (#2700).
  • create_payment_onion was added to construct an encrypted onion for a
    payment path without sending an HTLC immediately (#2677).
  • Various keys used in channels are now wrapped to provide type-safety for
    specific usages of the keys (#2675).
  • TaggedHash now includes the raw tag and merkle_root (#2687).
  • Offer::is_expired_no_std was added (#2689).
  • PaymentPurpose::preimage() was added (#2768).
  • temporary_channel_id can now be specified in create_channel (#2699).
  • Wire definitions for splicing messages were added (#2544).
  • Various lightning-invoice structs now impl Display, now have pub fields,
    or impl From (#2730).
  • The Hash trait is now implemented for more structs, incl P2P msgs (#2716).

Performance Improvements

  • Memory allocations (though not memory usage) have been substantially reduced,
    meaning less overhead and hopefully less memory fragmentation (#2708, #2779).

Bug Fixes

  • Since 0.0.117, calling close_channel* on a channel which has not yet been
    funded would previously result in an infinite loop and hang (#2760).
  • Since 0.0.116, sending payments requiring data in the onion for the recipient
    which was too large for the onion may have caused corruption which resulted
    in payment failure (#2752).
  • Cooperative channel closure on channels with remaining output HTLCs may have
    spuriously force-closed (#2529).
  • In LDK versions 0.0.116 through 0.0.118, in rare cases where skimmed fees are
    present on shutdown the ChannelManager may fail to deserialize (#2735).
  • ChannelConfig::max_dust_exposure values which, converted to absolute fees,
    exceeded 2^63 - 1 would result in an overflow and could lead to spurious
    payment failures or channel closures (#2722).
  • In cases where LDK is operating with provably-stale state, it panics to
    avoid funds loss. This may not have happened in cases where LDK was behind
    only exactly one state, leading instead to a revoked broadcast and funds
    loss (#2721).
  • Fixed a bug where decoding Txids from Bitcoin Core JSON-RPC responses using
    lightning-block-sync would not properly byte-swap the hash. Note that LDK
    does not use this API internally (#2796).

Backwards Compatibility

  • ChannelManagers written with LDK 0.0.119 are no longer readable by versions
    of LDK prior to 0.0.113. Users wishing to downgrade to LDK 0.0.112 or before
    can read an 0.0.119-serialized ChannelManager with a version of LDK from
    0.0.113 to 0.0.118, re-serialize it, and then downgrade (#2708).
  • Nodes that upgrade to 0.0.119 and subsequently downgrade after receiving a
    payment to a blinded path may leak recipient information if one or more of
    those HTLCs later fails (#2688).
  • Similarly, forwarding a blinded HTLC and subsequently downgrading to an LDK
    version prior to 0.0.119 may result in leaking the path information to the
    payment sender (#2540).

In total, this release features 148 files changed, 13780 insertions, 6279
deletions in 280 commits from 22 authors, in alphabetical order:

  • Arik Sosman
  • Chris Waterson
  • Elias Rohrer
  • Evan Feenstra
  • Gursharan Singh
  • Jeffrey Czyz
  • John Cantrell
  • Lalitmohansharma1
  • Matt Corallo
  • Matthew Rheaume
  • Orbital
  • Rachel Malonson
  • Valentine Wallace
  • Willem Van Lint
  • Wilmer Paulino
  • alexanderwiederin
  • benthecarman
  • henghonglee
  • jbesraa
  • olegkubrakov
  • optout
  • shaavan

v0.0.118

24 Oct 01:34
d2242f6
Compare
Choose a tag to compare

0.0.118 - Oct 23, 2023 - "Just the Twelve Sinks"

API Updates

  • BOLT12 sending and receiving is now supported as an alpha feature. You may
    run into unexpected issues and will need to have a direct connection with
    the offer's blinded path introduction points as messages are not yet routed.
    We are seeking feedback from early testers (#2578, #2039).
  • ConfirmationTarget has been rewritten to provide information about the
    specific use LDK needs the feerate estimate for, rather than the generic
    low-, medium-, and high-priority estimates. This allows LDK users to more
    accurately target their feerate estimates (#2660). For those wishing to
    retain their existing behavior, see the table below for conversion.
  • ChainHash is now used in place of BlockHash where it represents the
    genesis block (#2662).
  • lightning-invoice payment utilities now take a Deref to
    AChannelManager (#2652).
  • peel_onion is provided to statelessly decode an OnionMessage (#2599).
  • ToSocketAddrs + Display are now impl'd for SocketAddress (#2636, #2670)
  • Display is now implemented for OutPoint (#2649).
  • Features::from_be_bytes is now provided (#2640).

For those moving to the new ConfirmationTarget, the new variants in terms of
the old mempool/low/medium/high priorities are as follows:

  • OnChainSweep = HighPriority
  • MaxAllowedNonAnchorChannelRemoteFee = max(25 * 250, HighPriority * 10)
  • MinAllowedAnchorChannelRemoteFee = MempoolMinimum
  • MinAllowedNonAnchorChannelRemoteFee = Background - 250
  • AnchorChannelFee = Background
  • NonAnchorChannelFee = Normal
  • ChannelCloseMinimum = Background

Bug Fixes

  • Calling ChannelManager::close_channel[_with_feerate_and_script] on a
    channel which did not exist would immediately hang holding several key
    ChannelManager-internal locks (#2657).
  • Channel information updates received from a failing HTLC are no longer
    applied to our NetworkGraph. This prevents a node which we attempted to
    route a payment through from being able to learn the sender of the payment.
    In some rare cases, this may result in marginally reduced payment success
    rates (#2666).
  • Anchor outputs are now properly considered when calculating the amount
    available to send in HTLCs. This can prevent force-closes in anchor channels
    when sending payments which overflow the available balance (#2674).
  • A peer that sends an update_fulfill_htlc message for a forwarded HTLC,
    then reconnects prior to sending a commitment_signed (thus retransmitting
    their update_fulfill_htlc) may result in the channel stalling and being
    unable to make progress (#2661).
  • In exceedingly rare circumstances, messages intended to be sent to a peer
    prior to reconnection can be sent after reconnection. This could result in
    undefined channel state and force-closes (#2663).

Backwards Compatibility

  • Creating a blinded path to receive a payment then downgrading to LDK prior to
    0.0.117 may result in failure to receive the payment (#2413).
  • Calling ChannelManager::pay_for_offer or
    ChannelManager::create_refund_builder may prevent downgrading to LDK prior
    to 0.0.118 until the payment times out and has been removed (#2039).

Node Compatibility

  • LDK now sends a bogus channel_reestablish message to peers when they ask to
    resume an unknown channel. This should cause LND nodes to force-close and
    broadcast the latest channel state to the chain. In order to trigger this
    when we wish to force-close a channel, LDK now disconnects immediately after
    sending a channel-closing error message. This should result in cooperative
    peers also working to confirm the latest commitment transaction when we wish
    to force-close (#2658).

Security

0.0.118 expands mitigations against transaction cycling attacks to non-anchor
channels, though note that no mitigations which exist today are considered robust
to prevent the class of attacks.

  • In order to mitigate against transaction cycling attacks, non-anchor HTLC
    transactions are now properly re-signed before broadcasting (#2667).

In total, this release features 61 files changed, 3470 insertions, 1503
deletions in 85 commits from 12 authors, in alphabetical order:

  • Antonio Yang
  • Elias Rohrer
  • Evan Feenstra
  • Fedeparma74
  • Gursharan Singh
  • Jeffrey Czyz
  • Matt Corallo
  • Sergi Delgado Segura
  • Vladimir Fomene
  • Wilmer Paulino
  • benthecarman
  • slanesuke

v0.0.117

04 Oct 02:29
9de51f0
Compare
Choose a tag to compare

0.0.117 - Oct 3, 2023 - "Everything but the Twelve Sinks"

API Updates

  • ProbabilisticScorer's internal models have been substantially improved,
    including better decaying (#1789), a more granular historical channel
    liquidity tracker (#2176) and a now-default option to make our estimate for a
    channel's current liquidity nonlinear in the channel's capacity (#2547). In
    total, these changes should result in improved payment success rates at the
    cost of slightly worse routefinding performance.
  • Support for custom TLVs for recipients of HTLCs has been added (#2308).
  • Support for generating transactions for third-party watchtowers has been
    added to ChannelMonitor/Updates (#2337).
  • KVStorePersister has been replaced with a more generic and featureful
    KVStore interface (#2472).
  • A new MonitorUpdatingPersister is provided which wraps a KVStore and
    implements Persist by writing differential updates rather than full
    ChannelMonitors (#2359).
  • Batch funding of outbound channels is now supported using the new
    ChannelManager::batch_funding_transaction_generated method (#2486).
  • ChannelManager::send_preflight_probes has been added to probe a payment's
    potential paths while a user is providing approval for a payment (#2534).
  • Fully asynchronous ChannelMonitor updating is available as an alpha
    preview. There remain a few known but incredibly rare race conditions which
    may lead to loss of funds (#2112, #2169, #2562).
  • ChannelMonitorUpdateStatus::PermanentFailure has been removed in favor of a
    new ChannelMonitorUpdateStatus::UnrecoverableError. The new variant panics
    on use, rather than force-closing a channel in an unsafe manner, which the
    previous variant did (#2562). Rather than panicking with the new variant,
    users may wish to use the new asynchronous ChannelMonitor updating using
    ChannelMonitorUpdateStatus::InProgress.
  • RouteParameters::max_total_routing_fee_msat was added to limit the fees
    paid when routing, defaulting to 1% + 50sats when using the new
    from_payment_params_and_value constructor (#2417, #2603, #2604).
  • Implementations of UtxoSource are now provided in lightning-block-sync.
    Those running with a full node should use this to validate gossip (#2248).
  • LockableScore now supports read locking for parallel routefinding (#2197).
  • ChannelMonitor::get_spendable_outputs was added to allow for re-generation
    of SpendableOutputDescriptors for a channel after they were provided via
    Event::SpendableOutputs (#2609, #2624).
  • [u8; 32] has been replaced with a ChannelId newtype for chan ids (#2485).
  • NetAddress was renamed SocketAddress (#2549) and FromStr impl'd (#2134)
  • For no-std users, parse_onion_address was added which creates a
    NetAddress from a "...onion" string and port (#2134, #2633).
  • HTLC information is now provided in Event::PaymentClaimed::htlcs (#2478).
  • The success probability used in historical penalties when scoring is now
    available via historical_estimated_payment_success_probability (#2466).
  • RecentPaymentDetails::*::payment_id has been added (#2567).
  • Route now contains a RouteParameters rather than a PaymentParameters,
    tracking the original arguments passed to routefinding (#2555).
  • Balance::*::claimable_amount_satoshis was renamed amount_satoshis (#2460)
  • *Features::set_*_feature_bit have been added for non-custom flags (#2522).
  • channel_id was added to SpendableOutputs events (#2511).
  • counterparty_node_id and channel_capacity_sats were added to
    ChannelClosed events (#2387).
  • ChannelMonitor now implements Clone for Cloneable signers (#2448).
  • create_onion_message was added to build an onion message (#2583, #2595).
  • HTLCDescriptor now implements Writeable/Readable (#2571).
  • SpendableOutputDescriptor now implements Hash (#2602).
  • MonitorUpdateId now implements Debug (#2594).
  • Payment{Hash,Id,Preimage} now implement Display (#2492).
  • NodeSigner::sign_bolt12_invoice{,request} were added for future use (#2432)

Backwards Compatibility

  • Users migrating to the new KVStore can use a concatentation of
    [{primary_namespace}/[{secondary_namespace}/]]{key} to build a key
    compatible with the previous KVStorePersister interface (#2472).
  • Downgrading after receipt of a payment with custom HTLC TLVs may result in
    unintentionally accepting payments with TLVs you do not understand (#2308).
  • Route objects (including pending payments) written by LDK versions prior
    to 0.0.117 won't be retryable after being deserialized by LDK 0.0.117 or
    above (#2555).
  • Users of the MonitorUpdatingPersister can upgrade seamlessly from the
    default KVStore Persist implementation, however the stored
    ChannelMonitors are deliberately unreadable by the default Persist. This
    ensures the correct downgrade procedure is followed, which is: (#2359)
    • First, make a backup copy of all channel state,
    • then ensure all ChannelMonitorUpdates stored are fully applied to the
      relevant ChannelMonitor,
    • finally, write each full ChannelMonitor using your new Persist impl.

Bug Fixes

  • Anchor channels which were closed by a counterparty broadcasting its
    commitment transaction (i.e. force-closing) would previously not generate a
    SpendableOutputs event for our to_remote (i.e. non-HTLC-encumbered)
    balance. Those with such balances available should fetch the missing
    SpendableOutputDescriptors using the new
    ChannelMonitor::get_spendable_outputs method (#2605).
  • Anchor channels may result in spurious or missing Balance entries for HTLC
    balances (#2610).
  • ChannelManager::send_spontaneous_payment_with_retry spuriously did not
    provide the recipient with enough information to claim the payment, leading
    to all spontaneous payments failing (#2475).
    send_spontaneous_payment_with_route was unaffected.
  • The keysend feature on node announcements was spuriously un-set in 0.0.112
    and has been re-enabled (#2465).
  • Fixed several races which could lead to deadlock when force-closing a channel
    (#2597). These races have not been seen in production.
  • The ChannelManager is persisted substantially less when it has not changed,
    leading to substantially less I/O traffic for it (#2521, #2617).
  • Passing new block data to ChainMonitor no longer results in all other
    monitor operations being blocked until it completes (#2528).
  • When retrying payments, any excess amount sent to the recipient in order to
    meet an htlc_minimum constraint on the path is now no longer included in
    the amount we send in the retry (#2575).
  • Several edge cases in route-finding around HTLC minimums were fixed which
    could have caused invalid routes or panics when built with debug assertions
    (#2570, #2575).
  • Several edge cases in route-finding around HTLC minimums and route hints
    were fixed which would spuriously result in no route found (#2575, #2604).
  • The user_channel_id passed to SignerProvider::generate_channel_keys_id
    for inbound channels is now correctly using the one passed to
    ChannelManager::accept_inbound_channel rather than a default value (#2428).
  • Users of impl_writeable_tlv_based! no longer have use requirements (#2506).
  • No longer force-close channels when counterparties send a channel_update
    with a bogus htlc_minimum_msat, which LND users can manually build (#2611).

Node Compatibility

  • LDK now ignores error messages generated by LND in response to a
    shutdown message, avoiding force-closes due to LND bug 6039. This may
    lead to non-trivial bandwidth usage with LND peers exhibiting this bug
    during the cooperative shutdown process (#2507).

Security

0.0.117 fixes several loss-of-funds vulnerabilities in anchor output channels,
support for which was added in 0.0.116, in reorg handling, and when accepting
channel(s) from counterparties which are miners.

  • When a counterparty broadcasts their latest commitment transaction for a
    channel with anchor outputs, we'd previously fail to build claiming
    transactions against any HTLC outputs in that transaction. This could lead
    to loss of funds if the counterparty is able to eventually claim the HTLC
    after a timeout (#2606).
  • Anchor channels HTLC claims on-chain previously spent the entire value of any
    HTLCs as fee, which has now been fixed (#2587).
  • If a channel is closed via an on-chain commitment transaction confirmation
    with a pending outbound HTLC in the commitment transaction, followed by a
    reorg which replaces the confirmed commitment transaction with a different
    (but non-revoked) commitment transaction, all before we learn the payment
    preimage for this HTLC, we may previously have not generated a proper
    claiming transaction for the HTLC's value (#2623).
  • 0.0.117 now correctly handles channels for which our counterparty funded the
    channel with a coinbase transaction. As such transactions are not spendable
    until they've reached 100 confirmations, this could have resulted in
    accepting HTLC(s) which are not enforcible on-chain (#1924).

In total, this release features 121 files changed, 20477 insertions, 8184
deletions in 381 commits from 27 authors, in alphabetical order:

  • Alec Chen
  • Allan Douglas R. de Oliveira
  • Antonio Yang
  • Arik Sosman
  • Chris Waterson
  • David Caseria
  • DhananjayPurohit
  • Dom Zippilli
  • Duncan Dean
  • Elias Rohrer
  • Erik De Smedt
  • Evan Feenstra
  • Gabor Szabo
  • Gursharan Singh
  • Jeffrey Czyz
  • Joseph Goulden
  • Lalitmohansharma1
  • Matt Corallo
  • Rachel Malonson
  • Sergi Delgado Segura
  • Valentine Wallace
  • Vladimir Fomene
  • Willem Van Lint
    ...
Read more