Releases: lightningdevkit/rust-lightning
v0.1.0-beta1
Release notes forthcoming.
v0.0.125
0.0.125 - Oct 14, 2024 - "Delayed Beta Testing"
Bug Fixes
- On upgrade to 0.0.124, channels which were at a steady-state (i.e. for which
the counterparty has received our latestrevoke_and_ack
message) will
force-close upon receiving the next channel state update from our
counterparty. When built with debug assertions a debug assertion failure will
occur instead (#3362). - Listeners in a
ChainListenerSet
will now have theirblock_connected
method called, when appropriate, rather than always having their
filtered_block_connected
method called with full block data (#3354). - Routefinding historical liquidity channel scores were made more consistent
for channels which have very little data which has been decayed (#3362). - A debug assertion failure when adding nodes to the network graph after
removal of nodes from the network graph was fixed (#3362).
In total, this release features 6 files changed, 32 insertions, 7
deletions in 5 commits since 0.0.124 from 2 authors, in alphabetical order:
- Elias Rohrer
- Matt Corallo
v0.0.124
0.0.124 - Sep 3, 2024 - "Papercutting Feature Requests"
API Updates
rust-bitcoin
has been updated to 0.32. The newbitcoin-io
crate is now
used for all IO traits, irrespective of the features set on LDK crates.
LDK crates no longer automatically force features on dependent crates where
possible, allowing differentstd
/no-std
settings between LDK and
rust-bitcoin crates (e.g. to disablestd
on LDK to ensure system time is
not accessed while usingbitcoin-io
'sstd
feature). (#3063, #3239, #3249).- A new
lightning_types
crate was added which contains various top-level
types. Using types fromlightning::ln::features
or
Payment{Hash,Preimage,Secret}
fromlightning::ln
or
lightning::ln::types
is now deprecated. The new crate is re-exported as
lightning::types
(#3234, #3253). lightning
now depends onlightning-invoice
, rather than the other way
around. Thelightning_invoice::payment
module has moved to
lightning::ln::bolt11_payment
andlightning_invoice::utils
to
lightning::ln::invoice_utils
(#3234).- Event handlers may now return errors, causing most events to be replayed
immediately without blocking the background processor. See documentation on
individualEvent
s for more information on replay (#2995). ChannelDetails::balance_msat
is deprecated in favor of
ChainMonitor::get_claimable_balances
and theBalance
, which now contains
substantially more details and more accurately calculates a node-wide
balance whenBalance::claimable_amount_satoshis
are summed (#3212, #3247).ConfirmationTarget
has two new variants - aMaximumFeeEstimate
which can
help to avoid spurious force-closes by ensuring we always accept feerates up
to this value from peers as sane and aUrgentOnChainSweep
, replacing
OnChainSweep
and only being used when the on-chain sweep is urgent (#3268).- All
ChannelMonitor
s are no longer persisted after each block connection,
instead spreading them out over a handful of blocks to reduce load spikes.
Note that this will increase the incidence ofChannelMonitor
s that have
different best blocks on startup, requiring some additional chain replay
(but only on someChannelMonitor
s) on startup forListen
users (#2966). - A new format for Rapid Gossip Sync data is now supported which contains
additional node metadata and is more extensible (#3098). ChannelManager::send_payment_with_route
is now deprecated in favor of the
much easier to useChannelmanager::send_payment
. Those who wish to manually
select the route such payments go over should do so by matching the
payment_id
passed tosend_payment
inRouter::find_route_with_id
(#3224)lightning-transaction-sync
now takes mostConfirm
s as a genericDeref
.
You may need an explicitas &(dyn Confirm)
to update existing code (#3101).- HTLCs will now be forwarded over any channel with a peer, rather than only
the specific channel requested by the payment sender (#3127). Event::PaymentFailed
is now used in place ofEvent::InvoiceRequestFailed
,
holding anOption
for the payment hash, which will beNone
when no
invoice has been received (#3192).ChannelManager
now supports intercepting and manually paying
Bolt12Invoice
s, seeUserConfig::manually_handle_bolt12_invoices
(#3078).logger::Record
s now contain aPaymentHash
(#2930).ChainMonitor
no longer uses an opaqueMonitorUpdateId
, opting to reuse
theChannelMonitorUpdate::update_id
instead. Note that you no longer have
to callChainMonitor::channel_monitor_updated
for
ChannelMonitorUpdateStatus::InProgress
updates to a monitor that were
started without aChannelMonitorUpdate
(#2957).NodeAnnouncementInfo
is now an enum holding either a gossip message or
the important fields, reducing the memory usage ofNetworkGraph
(#3072).- Onion message handlers now include a message context, which allows for
blinded path authentication (#3085, #3202). ChannelManager
now supports funding with only a txid and output index, see
ChannelManager::unsafe_manual_funding_transaction_generated
(#3024).- BOLT 12 invoice requests now go out over, and accept responses over, multiple
paths (#3087). OnionMessenger
now supports intercepting and re-forwarding onion messages
for peers that are offline at the time of receipt when constructed with
new_with_offline_peer_interception
(#2973).- Onion message handling trait methods now generally take a
Responder
which
can be used to create aResponseInstruction
to better control how responses
are sent. TheResponseInstruction
can also be converted to
MessageSendInstructions
which can be passed toOnionMessenger
's
send_onion_message
to respond asynchronously (#2907, #2996, #3263). OnionMessenger::process_pending_events_async
was added (#3060).- Blinded paths used for BOLT 12
Offer
/Refund
s are now compact when they
expire relatively soon, making them somewhat smaller (#3011, #3080). ChannelManager::force_close_*
now take a err msg to send to peers (#2889).ChannelDetails::is_public
has been renamed tois_announced
and
ChannelHandshakeConfig::announced_channel
toannounce_for_forwarding
to
address various misconceptions about the purpose of announcement (#3257).BlindedPath
s are now split intoBlindedMessagePath
s and
BlindedPaymentPath
s andadvance_path_by_one
added to each (#3182).BlindedPaymentPath
now includes theBlindedPayInfo
(#3245).- BOLT 12
Offer
/Refund
builders no longer require a description, instead
allowing it to be set on the builder itself (#3018). - The
{Inbound,Outbound}HTLCState{,Details}
andChannelDetails
structs have
moved to theln::channel_state
module (#3089). Event::OpenChannelRequest
now containsparams
andis_announced
(#3019).- Peers are no longer disconnected when we force-close a channel (#3088).
- BOLT12
Offer
andRefund
now implementReadable
(#2965). RecipientOnionFields
is now included inEvent::PaymentClaimed
(#3084).ClosureReason::HolderForceClosed::broadcasted_latest_txn
was added (#3107).EcdsaChannelSigner
no longer needs to beWriteable
and the supertrait
WriteableEcdsaChannelSigner
has been removed (#3059).CustomMessageHandler::peer_{,dis}connected
were added (#3105).lightning_invoice::Description::as_inner()
was added (#3203).- Splice-related wire messages have been updated to the latest spec (#3129).
Bug Fixes
channel_update
messages are no longer extracted from failed payments and
applied to the network graph viaEvent::PaymentPathFailed
, preventing a
node along the path from identifying the sender of a payment (#3083).- In order to prevent senders from identifying the recipient of a BOLT 12 offer
that included a blinded path, cryptographic information from blinded paths
are now included in the invoice request verification (#3085, #3139, #3242). - Routes are now length-limited based on the actual onion contents rather than
a fixed value. This ensures no routes are generated that are unpayable when
sending HTLCs with custom TLVs, blinded paths, or metadata (#3026, #3156). - Unannounced LDK nodes (or ones without a network graph) will now include
unannounced peers as introduction points in blinded paths. This addresses
issues where test networks were not usable for BOLT 12 due to failures to
find paths over private channels to LDK nodes. It will also enable creating
BOLT 12 offers for nodes with no local network graph (#3132). - If a channel partner fails to update the feerate on a channel for some time
and prevailing network feerates increase, LDK will now force-close
automatically to avoid being unable to claim our funds on-chain. In order to
reduce false-positives, it does so by comparing the channel's fee against the
minimumConfirmationTarget::MinAllowed{,Non}AnchorChannelRemoteFee
we've
seen over the past day (and do not force-close if we haven't been running for
a full day, #3037). MonitorUpdatingPersister
did not readChannelMonitorUpdate
s when
archiving aChannelMonitor
, causing the archivedChannelMonitor
to be
missing some updates. Those updates were not removed from theKVStore
and
monitors being archived should have no pending updates as they were persisted
on each new block for some time before archiving (#3276).CoinSelection
s selected for commitment transactions which did not contain a
change output no longer result in broadcasting a non-standard transaction nor
in under-paying the target feerate (#3285). Note that such a transaction
would fail to propagate and LDK would have continued to bump the fee until a
differentCoinSelection
is used which did contain a change output.invoice_error
s from BOLT 12 recipients now fail payments (#3085, #3192).- Fixed a bug which may lead to a missing
Event::ChannelClosed
and missing
Error
messages for peers when a bogus funding transaction is provided for a
batch channel open (#3029). - Fixed an overflow in
RawBolt11Invoice::amount_pico_btc()
reachable via
Bolt11Invoice::amount_milli_satoshis()
, resulting in a debug panic or bogus
value for invoices with invalid values (#3032). - In incredibly rare circumstances, when using the beta asynchronous
persistence, it is possible that the preimage for an MPP claim could fail to
be persisted in theChannelMonitor
for one or more MPP parts, resulting in
only some of the payment's value being claimed (#3120). - A rare race was fixed which could lead to
ChannelMonitorUpdate
s appearing
after a fullChannelMonitor
persistence th...
v0.0.123
v0.0.123 - May 08, 2024 - "BOLT12 Dust Sweeping"
API Updates
- To reduce risk of force-closures and improve HTLC reliability the default
dust exposure limit has been increased to
MaxDustHTLCExposure::FeeRateMultiplier(10_000)
. Users with existing
channels might want to consider using
ChannelManager::update_channel_config
to apply the new default (#3045). ChainMonitor::archive_fully_resolved_channel_monitors
is now provided to
remove from memoryChannelMonitor
s that have been fully resolved on-chain
and are now not needed. It uses the newPersist::archive_persisted_channel
to inform the storage layer that such a monitor should be archived (#2964).- An
OutputSweeper
is now provided which will automatically sweep
SpendableOutputDescriptor
s, retrying until the sweep confirms (#2825). - After initiating an outbound channel, a peer disconnection no longer results
in immediate channel closure. Rather, if the peer is reconnected before the
channel times out LDK will automatically retry opening it (#2725). PaymentPurpose
now has separate variants for BOLT12 payments, which
include fields from theinvoice_request
as well as theOfferId
(#2970).ChannelDetails
now includes a list of in-flight HTLCs (#2442).Event::PaymentForwarded
now includesskimmed_fee_msat
(#2858).- The
hashbrown
dependency has been upgraded and the use ofahash
as the
no-std hash table hash function has been removed. As a consequence, LDK's
Hash{Map,Set}
s no longer feature several constructors when LDK is built
with no-std; see theutil::hash_tables
module instead. On platforms that
getrandom
supports, setting thepossiblyrandom/getrandom
feature flag
will ensure hash tables are resistant to HashDoS attacks, though the
possiblyrandom
crate should detect most common platforms (#2810, #2891). ChannelMonitor
-originated requests to theChannelSigner
can now fail and
be retried usingChannelMonitor::signer_unblocked
(#2816).SpendableOutputDescriptor::to_psbt_input
now includes thewitness_script
where available as well as new proprietary data which can be used to
re-derive some spending keys from the base key (#2761, #3004).OutPoint::to_channel_id
has been removed in favor of
ChannelId::v1_from_funding_outpoint
in preparation for v2 channels with a
differentChannelId
derivation scheme (#2797).PeerManager::get_peer_node_ids
has been replaced withlist_peers
and
peer_by_node_id
, which provide more details (#2905).Bolt11Invoice::get_payee_pub_key
is now provided (#2909).Default[Message]Router
now take anentropy_source
argument (#2847).ClosureReason::HTLCsTimedOut
has been separated out from
ClosureReason::HolderForceClosed
as it is the most common case (#2887).ClosureReason::CooperativeClosure
is now split into
{Counterparty,Locally}Initiated
variants (#2863).Event::ChannelPending::channel_type
is now provided (#2872).PaymentForwarded::{prev,next}_user_channel_id
are now provided (#2924).- Channel init messages have been refactored towards V2 channels (#2871).
BumpTransactionEvent
now contains the channel and counterparty (#2873).util::scid_utils
is now public, with some trivial utilities to examine
short channel ids (#2694).DirectedChannelInfo::{source,target}
are now public (#2870).- Bounds in
lightning-background-processor
were simplified by using
AChannelManager
(#2963). - The
Persist
impl forKVStore
no longer requiresSized
, allowing for
the use ofdyn KVStore
asPersist
(#2883, #2976). From<PaymentPreimage>
is now implemented forPaymentHash
(#2918).NodeId::from_slice
is now provided (#2942).ChannelManager
deserialization may now fail withDangerousValue
when
LDK's persistence API was violated (#2974).
Bug Fixes
- Excess fees on counterparty commitment transactions are now included in the
dust exposure calculation. This lines behavior up with some cases where
transaction fees can be burnt, making them effectively dust exposure (#3045). Future
s used as anstd::...::Future
could grow in size unbounded if it
was never woken. For those not using async persistence and using the async
lightning-background-processor
, this could cause a memory leak in the
ChainMonitor
(#2894).- Inbound channel requests that fail in
ChannelManager::accept_inbound_channel
would previously have stalled from
the peer's perspective as noerror
message was sent (#2953). - Blinded path construction has been tuned to select paths more likely to
succeed, improving BOLT12 payment reliability (#2911, #2912). - After a reorg,
lightning-transaction-sync
could have failed to follow a
transaction that LDK needed information about (#2946). RecipientOnionFields
'custom_tlvs
are now propagated to recipients when
paying with blinded paths (#2975).Event::ChannelClosed
is now properly generated and peers are properly
notified for all channels that as a part of a batch channel open fail to be
funded (#3029).- In cases where user event processing is substantially delayed such that we
complete multiple round-trips with our peers before aPaymentSent
event is
handled and then restart without persisting theChannelManager
after having
persisted aChannelMonitor[Update]
, on startup we may haveErr
d trying to
deserialize theChannelManager
(#3021). - If a peer has relatively high latency,
PeerManager
may have failed to
establish a connection (#2993). ChannelUpdate
messages broadcasted for our own channel closures are now
slightly more robust (#2731).- Deserializing malformed BOLT11 invoices may have resulted in an integer
overflow panic in debug builds (#3032). - In exceedingly rare cases (no cases of this are known), LDK may have created
an invalid serialization for aChannelManager
(#2998). - Message processing latency handling BOLT12 payments has been reduced (#2881).
- Latency in processing
Event::SpendableOutputs
may be reduced (#3033).
Node Compatibility
- LDK's blinded paths were inconsistent with other implementations in several
ways, which have been addressed (#2856, #2936, #2945). - LDK's messaging blinded paths now support the latest features which some
nodes may begin relying on soon (#2961). - LDK's BOLT12 structs have been updated to support some last-minute changes to
the spec (#3017, #3018). - CLN v24.02 requires the
gossip_queries
feature for all peers, however LDK
by default does not set it for those not using aP2PGossipSync
(e.g. those
using RGS). This change was reverted in CLN v24.02.2 however for now LDK
always sets thegossip_queries
feature. This change is expected to be
reverted in a future LDK release (#2959).
Security
0.0.123 fixes a denial-of-service vulnerability which we believe to be reachable
from untrusted input when parsing invalid BOLT11 invoices containing non-ASCII
characters.
- BOLT11 invoices with non-ASCII characters in the human-readable-part may
cause an out-of-bounds read attempt leading to a panic (#3054). Note that all
BOLT11 invoices containing non-ASCII characters are invalid.
In total, this release features 150 files changed, 19307 insertions, 6306
deletions in 360 commits since 0.0.121 from 17 authors, in alphabetical order:
- Arik Sosman
- Duncan Dean
- Elias Rohrer
- Evan Feenstra
- Jeffrey Czyz
- Keyue Bao
- Matt Corallo
- Orbital
- Sergi Delgado Segura
- Valentine Wallace
- Willem Van Lint
- Wilmer Paulino
- benthecarman
- jbesraa
- olegkubrakov
- optout
- shaavan
v0.0.122
0.0.122 - Apr 09, 2024 - "That Which Is Untested Is Broken"
Bug Fixes
Route
objects did not successfully round-trip through de/serialization
since LDK 0.0.117, which has now been fixed (#2897).- Correct deserialization of unknown future enum variants. This ensures
downgrades from future versions of LDK do not result in read failures or
corrupt reads in cases where enums are written (#2969). - When hitting lnd bug 6039, our workaround previously resulted in
ChannelManager
persistences on every round-trip with our peer. These
useless persistences are now skipped (#2937).
In total, this release features 4 files changed, 99 insertions, 55
deletions in 6 commits from 1 author, in alphabetical order:
- Matt Corallo
v0.0.121
0.0.121 - Jan 22, 2024 - "Unwraps are Bad"
Bug Fixes
- Fix a deadlock when calling
batch_funding_transaction_generated
with
invalid input (#2841).
Security
0.0.121 fixes a denial-of-service vulnerability which is reachable from
untrusted input from peers in rare cases if we have a public channel or in
common cases if P2PGossipSync
is used.
- A peer that failed to complete its handshake would cause a reachable
unwrap
in LDK since 0.0.119 when LDK attempts to broadcast gossip to all
peers (#2842).
In total, this release features 4 files changed, 52 insertions, 10
deletions in 4 commits from 2 authors, in alphabetical order:
- Jeffrey Czyz
- Matt Corallo
v0.0.120
v0.0.120 - Jan 17, 2024 - "Unblinded Fuzzers"
API Updates
- The
PeerManager
bound onUtxoLookup
was removed entirely. This enables
use ofUtxoLookup
in cases broken in 0.0.119 by #2773 (#2822). - LDK now exposes and fully implements the route blinding feature (#2812).
- The
lightning-transaction-sync
crate no longer relies on system time
without thetime
feature (#2799, #2817). lightning::onion_message
's module layout has changed (#2821).Event::ChannelClosed
now includes thechannel_funding_txo
(#2800).CandidateRouteHop
variants were destructured into individual structs,
hiding some fields which were not generally consumable (#2802).
Bug Fixes
- Fixed a rare issue where
lightning-net-tokio
may not fully flush its send
buffer, leading to connection hangs (#2832). - Fixed a panic which may occur when connecting to a peer if we opened a second
channel with that peer while they were disconnected (#2808). - Retries for a payment which previously failed in a blinded path will now
always use an alternative blinded path (#2818). Feature
'sEq
andHash
implementation now ignore dummy bytes (#2808).- Some missing
DiscardFunding
orChannelClosed
events are now generated in
rare funding-related failures (#2809). - Fixed a privacy issue in blinded path generation where the real
cltv_expiry_delta
would be exposed to senders (#2831).
Security
0.0.120 fixes a denial-of-service vulnerability which is reachable from
untrusted input from peers if the UserConfig::manually_accept_inbound_channels
option is enabled.
- A peer that sent an
open_channel
message with thechannel_type
field
unfilled would trigger a reachableunwrap
since LDK 0.0.117 (#2808). - In protocols where a funding output is shared with our counterparty before
it is given to LDK, a malicious peer could have caused a reachable panic
by reusing the same funding info in (#2809).
In total, this release features 67 files changed, 3016 insertions, 2473
deletions in 79 commits from 9 authors, in alphabetical order:
- Elias Rohrer
- Jeffrey Czyz
- José A.P
- Matt Corallo
- Tibo-lg
- Valentine Wallace
- benthecarman
- optout
- shuoer86
v0.0.119
v0.0.119 - Dec 15, 2023 - "Spring Cleaning for Christmas"
API Updates
- The LDK crate ecosystem MSRV has been increased to 1.63 (#2681).
- The
bitcoin
dependency has been updated to version 0.30 (#2740). lightning-invoice::payment::*
have been replaced with parameter generation
viapayment_parameters_from[_zero_amount]_invoice
(#2727).{CoinSelection,Wallet}Source::sign_tx
are nowsign_psbt
, providing more
information, incl spent outputs, about the transaction being signed (#2775).- Logger
Record
s now includechannel_id
andpeer_id
fields. These are
opportunistically filled in when a log record is specific to a given channel
and/or peer, and may occasionally be spuriously empty (#2314). - When handling send or reply onion messages (e.g. for BOLT12 payments), a new
Event::ConnectionNeeded
may be raised, indicating a direct connection
should be made to a payee or an introduction point. This event is expected to
be removed once onion message forwarding is widespread in the network (#2723) - Scoring data decay now happens via
ScoreUpDate::time_passed
, called from
lightning-background-processor
.process_events_async
now takes a new
time-fetch function, andScoreUpDate
methods now take the current time as a
Duration
argument. This avoids fetching time during pathfinding (#2656). - Receiving payments to multi-hop blinded paths is now supported (#2688).
MessageRouter
andRouter
now feature methods to generate blinded paths to
the local node for incoming messages and payments.Router
now extends
MessageRouter
, and both are used inChannelManager
when processing or
creating BOLT12 structures to generate multi-hop blinded paths (#1781).lightning-transaction-sync
now supports Electrum-based sync (#2685).Confirm::get_relevant_txids
now returns the height at which a transaction
was confirmed. This can be used to assist in reorg detection (#2685).ConfirmationTarget::MaxAllowedNonAnchorChannelRemoteFee
has been removed.
Non-anchor channel feerates are bounded indirectly through
ChannelConfig::max_dust_htlc_exposure
(#2696).lightning-invoice
Description
s now rely onUntrustedString
for
sanitization (#2730).ScoreLookUp::channel_penalty_msat
now usesCandidateRouteHop
(#2551).- The
EcdsaChannelSigner
trait was moved tolightning::sign::ecdsa
(#2512). SignerProvider::get_destination_script
now takeschannel_keys_id
(#2744)SpendableOutputDescriptor::StaticOutput
now haschannel_keys_id
(#2749).EcdsaChannelSigner::sign_counterparty_commitment
now takes HTLC preimages
for both inbound and outbound HTLCs (#2753).ClaimedHTLC
now includes acounterparty_skimmed_fee_msat
field (#2715).peel_payment_onion
was added to decode an encrypted onion for a payment
without receiving an HTLC. This allows for stateless verification of if a
theoretical payment would be accepted prior to receipt (#2700).create_payment_onion
was added to construct an encrypted onion for a
payment path without sending an HTLC immediately (#2677).- Various keys used in channels are now wrapped to provide type-safety for
specific usages of the keys (#2675). TaggedHash
now includes the rawtag
andmerkle_root
(#2687).Offer::is_expired_no_std
was added (#2689).PaymentPurpose::preimage()
was added (#2768).temporary_channel_id
can now be specified increate_channel
(#2699).- Wire definitions for splicing messages were added (#2544).
- Various
lightning-invoice
structs now implDisplay
, now have pub fields,
or implFrom
(#2730). - The
Hash
trait is now implemented for more structs, incl P2P msgs (#2716).
Performance Improvements
- Memory allocations (though not memory usage) have been substantially reduced,
meaning less overhead and hopefully less memory fragmentation (#2708, #2779).
Bug Fixes
- Since 0.0.117, calling
close_channel*
on a channel which has not yet been
funded would previously result in an infinite loop and hang (#2760). - Since 0.0.116, sending payments requiring data in the onion for the recipient
which was too large for the onion may have caused corruption which resulted
in payment failure (#2752). - Cooperative channel closure on channels with remaining output HTLCs may have
spuriously force-closed (#2529). - In LDK versions 0.0.116 through 0.0.118, in rare cases where skimmed fees are
present on shutdown theChannelManager
may fail to deserialize (#2735). ChannelConfig::max_dust_exposure
values which, converted to absolute fees,
exceeded 2^63 - 1 would result in an overflow and could lead to spurious
payment failures or channel closures (#2722).- In cases where LDK is operating with provably-stale state, it panics to
avoid funds loss. This may not have happened in cases where LDK was behind
only exactly one state, leading instead to a revoked broadcast and funds
loss (#2721). - Fixed a bug where decoding
Txid
s from Bitcoin Core JSON-RPC responses using
lightning-block-sync
would not properly byte-swap the hash. Note that LDK
does not use this API internally (#2796).
Backwards Compatibility
ChannelManager
s written with LDK 0.0.119 are no longer readable by versions
of LDK prior to 0.0.113. Users wishing to downgrade to LDK 0.0.112 or before
can read an 0.0.119-serializedChannelManager
with a version of LDK from
0.0.113 to 0.0.118, re-serialize it, and then downgrade (#2708).- Nodes that upgrade to 0.0.119 and subsequently downgrade after receiving a
payment to a blinded path may leak recipient information if one or more of
those HTLCs later fails (#2688). - Similarly, forwarding a blinded HTLC and subsequently downgrading to an LDK
version prior to 0.0.119 may result in leaking the path information to the
payment sender (#2540).
In total, this release features 148 files changed, 13780 insertions, 6279
deletions in 280 commits from 22 authors, in alphabetical order:
- Arik Sosman
- Chris Waterson
- Elias Rohrer
- Evan Feenstra
- Gursharan Singh
- Jeffrey Czyz
- John Cantrell
- Lalitmohansharma1
- Matt Corallo
- Matthew Rheaume
- Orbital
- Rachel Malonson
- Valentine Wallace
- Willem Van Lint
- Wilmer Paulino
- alexanderwiederin
- benthecarman
- henghonglee
- jbesraa
- olegkubrakov
- optout
- shaavan
v0.0.118
0.0.118 - Oct 23, 2023 - "Just the Twelve Sinks"
API Updates
- BOLT12 sending and receiving is now supported as an alpha feature. You may
run into unexpected issues and will need to have a direct connection with
the offer's blinded path introduction points as messages are not yet routed.
We are seeking feedback from early testers (#2578, #2039). ConfirmationTarget
has been rewritten to provide information about the
specific use LDK needs the feerate estimate for, rather than the generic
low-, medium-, and high-priority estimates. This allows LDK users to more
accurately target their feerate estimates (#2660). For those wishing to
retain their existing behavior, see the table below for conversion.ChainHash
is now used in place ofBlockHash
where it represents the
genesis block (#2662).lightning-invoice
payment utilities now take aDeref
to
AChannelManager
(#2652).peel_onion
is provided to statelessly decode anOnionMessage
(#2599).ToSocketAddrs
+Display
are now impl'd forSocketAddress
(#2636, #2670)Display
is now implemented forOutPoint
(#2649).Features::from_be_bytes
is now provided (#2640).
For those moving to the new ConfirmationTarget
, the new variants in terms of
the old mempool/low/medium/high priorities are as follows:
OnChainSweep
=HighPriority
MaxAllowedNonAnchorChannelRemoteFee
=max(25 * 250, HighPriority * 10)
MinAllowedAnchorChannelRemoteFee
=MempoolMinimum
MinAllowedNonAnchorChannelRemoteFee
=Background - 250
AnchorChannelFee
=Background
NonAnchorChannelFee
=Normal
ChannelCloseMinimum
=Background
Bug Fixes
- Calling
ChannelManager::close_channel[_with_feerate_and_script]
on a
channel which did not exist would immediately hang holding several key
ChannelManager
-internal locks (#2657). - Channel information updates received from a failing HTLC are no longer
applied to ourNetworkGraph
. This prevents a node which we attempted to
route a payment through from being able to learn the sender of the payment.
In some rare cases, this may result in marginally reduced payment success
rates (#2666). - Anchor outputs are now properly considered when calculating the amount
available to send in HTLCs. This can prevent force-closes in anchor channels
when sending payments which overflow the available balance (#2674). - A peer that sends an
update_fulfill_htlc
message for a forwarded HTLC,
then reconnects prior to sending acommitment_signed
(thus retransmitting
theirupdate_fulfill_htlc
) may result in the channel stalling and being
unable to make progress (#2661). - In exceedingly rare circumstances, messages intended to be sent to a peer
prior to reconnection can be sent after reconnection. This could result in
undefined channel state and force-closes (#2663).
Backwards Compatibility
- Creating a blinded path to receive a payment then downgrading to LDK prior to
0.0.117 may result in failure to receive the payment (#2413). - Calling
ChannelManager::pay_for_offer
or
ChannelManager::create_refund_builder
may prevent downgrading to LDK prior
to 0.0.118 until the payment times out and has been removed (#2039).
Node Compatibility
- LDK now sends a bogus
channel_reestablish
message to peers when they ask to
resume an unknown channel. This should cause LND nodes to force-close and
broadcast the latest channel state to the chain. In order to trigger this
when we wish to force-close a channel, LDK now disconnects immediately after
sending a channel-closingerror
message. This should result in cooperative
peers also working to confirm the latest commitment transaction when we wish
to force-close (#2658).
Security
0.0.118 expands mitigations against transaction cycling attacks to non-anchor
channels, though note that no mitigations which exist today are considered robust
to prevent the class of attacks.
- In order to mitigate against transaction cycling attacks, non-anchor HTLC
transactions are now properly re-signed before broadcasting (#2667).
In total, this release features 61 files changed, 3470 insertions, 1503
deletions in 85 commits from 12 authors, in alphabetical order:
- Antonio Yang
- Elias Rohrer
- Evan Feenstra
- Fedeparma74
- Gursharan Singh
- Jeffrey Czyz
- Matt Corallo
- Sergi Delgado Segura
- Vladimir Fomene
- Wilmer Paulino
- benthecarman
- slanesuke
v0.0.117
0.0.117 - Oct 3, 2023 - "Everything but the Twelve Sinks"
API Updates
ProbabilisticScorer
's internal models have been substantially improved,
including better decaying (#1789), a more granular historical channel
liquidity tracker (#2176) and a now-default option to make our estimate for a
channel's current liquidity nonlinear in the channel's capacity (#2547). In
total, these changes should result in improved payment success rates at the
cost of slightly worse routefinding performance.- Support for custom TLVs for recipients of HTLCs has been added (#2308).
- Support for generating transactions for third-party watchtowers has been
added toChannelMonitor/Update
s (#2337). KVStorePersister
has been replaced with a more generic and featureful
KVStore
interface (#2472).- A new
MonitorUpdatingPersister
is provided which wraps aKVStore
and
implementsPersist
by writing differential updates rather than full
ChannelMonitor
s (#2359). - Batch funding of outbound channels is now supported using the new
ChannelManager::batch_funding_transaction_generated
method (#2486). ChannelManager::send_preflight_probes
has been added to probe a payment's
potential paths while a user is providing approval for a payment (#2534).- Fully asynchronous
ChannelMonitor
updating is available as an alpha
preview. There remain a few known but incredibly rare race conditions which
may lead to loss of funds (#2112, #2169, #2562). ChannelMonitorUpdateStatus::PermanentFailure
has been removed in favor of a
newChannelMonitorUpdateStatus::UnrecoverableError
. The new variant panics
on use, rather than force-closing a channel in an unsafe manner, which the
previous variant did (#2562). Rather than panicking with the new variant,
users may wish to use the new asynchronousChannelMonitor
updating using
ChannelMonitorUpdateStatus::InProgress
.RouteParameters::max_total_routing_fee_msat
was added to limit the fees
paid when routing, defaulting to 1% + 50sats when using the new
from_payment_params_and_value
constructor (#2417, #2603, #2604).- Implementations of
UtxoSource
are now provided inlightning-block-sync
.
Those running with a full node should use this to validate gossip (#2248). LockableScore
now supports read locking for parallel routefinding (#2197).ChannelMonitor::get_spendable_outputs
was added to allow for re-generation
ofSpendableOutputDescriptor
s for a channel after they were provided via
Event::SpendableOutputs
(#2609, #2624).[u8; 32]
has been replaced with aChannelId
newtype for chan ids (#2485).NetAddress
was renamedSocketAddress
(#2549) andFromStr
impl'd (#2134)- For
no-std
users,parse_onion_address
was added which creates a
NetAddress
from a "...onion" string and port (#2134, #2633). - HTLC information is now provided in
Event::PaymentClaimed::htlcs
(#2478). - The success probability used in historical penalties when scoring is now
available viahistorical_estimated_payment_success_probability
(#2466). RecentPaymentDetails::*::payment_id
has been added (#2567).Route
now contains aRouteParameters
rather than aPaymentParameters
,
tracking the original arguments passed to routefinding (#2555).Balance::*::claimable_amount_satoshis
was renamedamount_satoshis
(#2460)*Features::set_*_feature_bit
have been added for non-custom flags (#2522).channel_id
was added toSpendableOutputs
events (#2511).counterparty_node_id
andchannel_capacity_sats
were added to
ChannelClosed
events (#2387).ChannelMonitor
now implementsClone
forClone
able signers (#2448).create_onion_message
was added to build an onion message (#2583, #2595).HTLCDescriptor
now implementsWriteable
/Readable
(#2571).SpendableOutputDescriptor
now implementsHash
(#2602).MonitorUpdateId
now implementsDebug
(#2594).Payment{Hash,Id,Preimage}
now implementDisplay
(#2492).NodeSigner::sign_bolt12_invoice{,request}
were added for future use (#2432)
Backwards Compatibility
- Users migrating to the new
KVStore
can use a concatentation of
[{primary_namespace}/[{secondary_namespace}/]]{key}
to build a key
compatible with the previousKVStorePersister
interface (#2472). - Downgrading after receipt of a payment with custom HTLC TLVs may result in
unintentionally accepting payments with TLVs you do not understand (#2308). Route
objects (including pending payments) written by LDK versions prior
to 0.0.117 won't be retryable after being deserialized by LDK 0.0.117 or
above (#2555).- Users of the
MonitorUpdatingPersister
can upgrade seamlessly from the
defaultKVStore
Persist
implementation, however the stored
ChannelMonitor
s are deliberately unreadable by the defaultPersist
. This
ensures the correct downgrade procedure is followed, which is: (#2359)- First, make a backup copy of all channel state,
- then ensure all
ChannelMonitorUpdate
s stored are fully applied to the
relevantChannelMonitor
, - finally, write each full
ChannelMonitor
using your newPersist
impl.
Bug Fixes
- Anchor channels which were closed by a counterparty broadcasting its
commitment transaction (i.e. force-closing) would previously not generate a
SpendableOutputs
event for ourto_remote
(i.e. non-HTLC-encumbered)
balance. Those with such balances available should fetch the missing
SpendableOutputDescriptor
s using the new
ChannelMonitor::get_spendable_outputs
method (#2605). - Anchor channels may result in spurious or missing
Balance
entries for HTLC
balances (#2610). ChannelManager::send_spontaneous_payment_with_retry
spuriously did not
provide the recipient with enough information to claim the payment, leading
to all spontaneous payments failing (#2475).
send_spontaneous_payment_with_route
was unaffected.- The
keysend
feature on node announcements was spuriously un-set in 0.0.112
and has been re-enabled (#2465). - Fixed several races which could lead to deadlock when force-closing a channel
(#2597). These races have not been seen in production. - The
ChannelManager
is persisted substantially less when it has not changed,
leading to substantially less I/O traffic for it (#2521, #2617). - Passing new block data to
ChainMonitor
no longer results in all other
monitor operations being blocked until it completes (#2528). - When retrying payments, any excess amount sent to the recipient in order to
meet anhtlc_minimum
constraint on the path is now no longer included in
the amount we send in the retry (#2575). - Several edge cases in route-finding around HTLC minimums were fixed which
could have caused invalid routes or panics when built with debug assertions
(#2570, #2575). - Several edge cases in route-finding around HTLC minimums and route hints
were fixed which would spuriously result in no route found (#2575, #2604). - The
user_channel_id
passed toSignerProvider::generate_channel_keys_id
for inbound channels is now correctly using the one passed to
ChannelManager::accept_inbound_channel
rather than a default value (#2428). - Users of
impl_writeable_tlv_based!
no longer have use requirements (#2506). - No longer force-close channels when counterparties send a
channel_update
with a bogushtlc_minimum_msat
, which LND users can manually build (#2611).
Node Compatibility
- LDK now ignores
error
messages generated by LND in response to a
shutdown
message, avoiding force-closes due to LND bug 6039. This may
lead to non-trivial bandwidth usage with LND peers exhibiting this bug
during the cooperative shutdown process (#2507).
Security
0.0.117 fixes several loss-of-funds vulnerabilities in anchor output channels,
support for which was added in 0.0.116, in reorg handling, and when accepting
channel(s) from counterparties which are miners.
- When a counterparty broadcasts their latest commitment transaction for a
channel with anchor outputs, we'd previously fail to build claiming
transactions against any HTLC outputs in that transaction. This could lead
to loss of funds if the counterparty is able to eventually claim the HTLC
after a timeout (#2606). - Anchor channels HTLC claims on-chain previously spent the entire value of any
HTLCs as fee, which has now been fixed (#2587). - If a channel is closed via an on-chain commitment transaction confirmation
with a pending outbound HTLC in the commitment transaction, followed by a
reorg which replaces the confirmed commitment transaction with a different
(but non-revoked) commitment transaction, all before we learn the payment
preimage for this HTLC, we may previously have not generated a proper
claiming transaction for the HTLC's value (#2623). - 0.0.117 now correctly handles channels for which our counterparty funded the
channel with a coinbase transaction. As such transactions are not spendable
until they've reached 100 confirmations, this could have resulted in
accepting HTLC(s) which are not enforcible on-chain (#1924).
In total, this release features 121 files changed, 20477 insertions, 8184
deletions in 381 commits from 27 authors, in alphabetical order:
- Alec Chen
- Allan Douglas R. de Oliveira
- Antonio Yang
- Arik Sosman
- Chris Waterson
- David Caseria
- DhananjayPurohit
- Dom Zippilli
- Duncan Dean
- Elias Rohrer
- Erik De Smedt
- Evan Feenstra
- Gabor Szabo
- Gursharan Singh
- Jeffrey Czyz
- Joseph Goulden
- Lalitmohansharma1
- Matt Corallo
- Rachel Malonson
- Sergi Delgado Segura
- Valentine Wallace
- Vladimir Fomene
- Willem Van Lint
...