Allow for trusted inbound 0conf channels

Author: tnull

bindings/ldk_node.udl

@@ -7,6 +7,7 @@ dictionary Config {
 	Network network;
 	NetAddress? listening_address;
 	u32 default_cltv_expiry_delta;
+	sequence<PublicKey> peers_trusted_0conf;
 };
 
 interface Builder {

src/event.rs

@@ -257,7 +257,7 @@ where
 	payment_store: Arc<PaymentStore<K, L>>,
 	runtime: Arc<RwLock<Option<tokio::runtime::Runtime>>>,
 	logger: L,
-	_config: Arc<Config>,
+	config: Arc<Config>,
 }
 
 impl<K: Deref + Clone, L: Deref> EventHandler<K, L>
@@ -269,7 +269,7 @@ where
 		wallet: Arc<Wallet<bdk::database::SqliteDatabase>>, event_queue: Arc<EventQueue<K, L>>,
 		channel_manager: Arc<ChannelManager>, network_graph: Arc<NetworkGraph>,
 		keys_manager: Arc<KeysManager>, payment_store: Arc<PaymentStore<K, L>>,
-		runtime: Arc<RwLock<Option<tokio::runtime::Runtime>>>, logger: L, _config: Arc<Config>,
+		runtime: Arc<RwLock<Option<tokio::runtime::Runtime>>>, logger: L, config: Arc<Config>,
 	) -> Self {
 		Self {
 			event_queue,
@@ -280,7 +280,7 @@ where
 			payment_store,
 			logger,
 			runtime,
-			_config,
+			config,
 		}
 	}
 
@@ -571,7 +571,62 @@ where
 					}
 				}
 			}
-			LdkEvent::OpenChannelRequest { .. } => {}
+			LdkEvent::OpenChannelRequest {
+				temporary_channel_id,
+				counterparty_node_id,
+				funding_satoshis,
+				channel_type: _,
+				push_msat: _,
+			} => {
+				let user_channel_id: u128 = rand::thread_rng().gen::<u128>();
+				if self.config.peers_trusted_0conf.contains(&counterparty_node_id) {
+					match self.channel_manager.accept_inbound_channel_from_trusted_peer_0conf(
+						&temporary_channel_id,
+						&counterparty_node_id,
+						user_channel_id,
+					) {
+						Ok(()) => {
+							log_info!(
+								self.logger,
+								"Accepting inbound 0conf channel of {}sats from trusted peer {}",
+								funding_satoshis,
+								counterparty_node_id,
+							);
+						}
+						Err(e) => {
+							log_error!(
+								self.logger,
+								"Error while accepting inbound 0conf channel from trusted peer {}: {:?}",
+								counterparty_node_id,
+								e,
+							);
+						}
+					}
+				} else {
+					match self.channel_manager.accept_inbound_channel(
+						&temporary_channel_id,
+						&counterparty_node_id,
+						user_channel_id,
+					) {
+						Ok(()) => {
+							log_info!(
+								self.logger,
+								"Accepting inbound channel of {}sats from peer {}",
+								funding_satoshis,
+								counterparty_node_id,
+							);
+						}
+						Err(e) => {
+							log_error!(
+								self.logger,
+								"Error while accepting inbound channel from peer {}: {:?}",
+								counterparty_node_id,
+								e,
+							);
+						}
+					}
+				}
+			}
 			LdkEvent::PaymentForwarded {
 				prev_channel_id,
 				next_channel_id,

src/lib.rs

@@ -191,6 +191,12 @@ pub struct Config {
 	pub listening_address: Option<NetAddress>,
 	/// The default CLTV expiry delta to be used for payments.
 	pub default_cltv_expiry_delta: u32,
+	/// A list of peers which we allow to establish zero confirmation channels to us.
+	///
+	/// **Note:** Allowing payments via zero-confirmation channels is potentially insecure if the
+	/// funding transaction ends up never being confirmed on-chain. Zero-confirmation channels
+	/// should therefore only be accepted from trusted peers.
+	pub peers_trusted_0conf: Vec<PublicKey>,
 }
 
 impl Default for Config {
@@ -201,6 +207,7 @@ impl Default for Config {
 			network: Network::Regtest,
 			listening_address: Some("0.0.0.0:9735".parse().unwrap()),
 			default_cltv_expiry_delta: 144,
+			peers_trusted_0conf: Vec::new(),
 		}
 	}
 }
@@ -470,6 +477,11 @@ impl Builder {
 		// Initialize the ChannelManager
 		let mut user_config = UserConfig::default();
 		user_config.channel_handshake_limits.force_announced_channel_preference = false;
+		if !config.peers_trusted_0conf.is_empty() {
+			// Manually accept inbound channels if we expect 0conf channel requests, avoid
+			// generating the events otherwise.
+			user_config.manually_accept_inbound_channels = true;
+		}
 		let channel_manager = {
 			if let Ok(mut reader) = kv_store
 				.read(CHANNEL_MANAGER_PERSISTENCE_NAMESPACE, CHANNEL_MANAGER_PERSISTENCE_KEY)

src/peer_store.rs

@@ -36,6 +36,10 @@ where
 	pub(crate) fn add_peer(&self, peer_info: PeerInfo) -> Result<(), Error> {
 		let mut locked_peers = self.peers.write().unwrap();
 
+		if locked_peers.contains_key(&peer_info.node_id) {
+			return Ok(());
+		}
+
 		locked_peers.insert(peer_info.node_id, peer_info);
 		self.write_peers_and_commit(&*locked_peers)
 	}

src/test/functional_tests.rs

@@ -254,7 +254,7 @@ fn channel_open_fails_when_funds_insufficient() {
 			node_b.listening_address().unwrap().into(),
 			120000,
 			None,
-			true
+			true,
 		)
 	);
 }
@@ -373,6 +373,96 @@ fn onchain_spend_receive() {
 	assert!(node_b.onchain_balance().unwrap().get_spendable() < 100000);
 }
 
+#[test]
+fn channel_full_cycle_0conf() {
+	let (bitcoind, electrsd) = setup_bitcoind_and_electrsd();
+	println!("== Node A ==");
+	let esplora_url = electrsd.esplora_url.as_ref().unwrap();
+	let config_a = random_config(esplora_url);
+	let node_a = Builder::from_config(config_a).build();
+	node_a.start().unwrap();
+	let addr_a = node_a.new_funding_address().unwrap();
+
+	println!("\n== Node B ==");
+	let mut config_b = random_config(esplora_url);
+	config_b.peers_trusted_0conf.push(node_a.node_id());
+
+	let node_b = Builder::from_config(config_b).build();
+	node_b.start().unwrap();
+	let addr_b = node_b.new_funding_address().unwrap();
+
+	let premine_amount_sat = 100_000;
+
+	premine_and_distribute_funds(
+		&bitcoind,
+		&electrsd,
+		vec![addr_a, addr_b],
+		Amount::from_sat(premine_amount_sat),
+	);
+	node_a.sync_wallets().unwrap();
+	node_b.sync_wallets().unwrap();
+	assert_eq!(node_a.onchain_balance().unwrap().get_spendable(), premine_amount_sat);
+	assert_eq!(node_b.onchain_balance().unwrap().get_spendable(), premine_amount_sat);
+
+	println!("\nA -- connect_open_channel -> B");
+	let funding_amount_sat = 80_000;
+	let push_msat = (funding_amount_sat / 2) * 1000; // balance the channel
+	node_a
+		.connect_open_channel(
+			node_b.node_id(),
+			node_b.listening_address().unwrap(),
+			funding_amount_sat,
+			Some(push_msat),
+			true,
+		)
+		.unwrap();
+
+	node_a.sync_wallets().unwrap();
+	node_b.sync_wallets().unwrap();
+
+	expect_event!(node_a, ChannelPending);
+
+	let _funding_txo = match node_b.next_event() {
+		ref e @ Event::ChannelPending { funding_txo, .. } => {
+			println!("{} got event {:?}", std::stringify!(node_b), e);
+			node_b.event_handled();
+			funding_txo
+		}
+		ref e => {
+			panic!("{} got unexpected event!: {:?}", std::stringify!(node_b), e);
+		}
+	};
+
+	node_a.sync_wallets().unwrap();
+	node_b.sync_wallets().unwrap();
+
+	expect_event!(node_a, ChannelReady);
+	let _channel_id = match node_b.next_event() {
+		ref e @ Event::ChannelReady { ref channel_id, .. } => {
+			println!("{} got event {:?}", std::stringify!(node_b), e);
+			node_b.event_handled();
+			channel_id.clone()
+		}
+		ref e => {
+			panic!("{} got unexpected event!: {:?}", std::stringify!(node_b), e);
+		}
+	};
+
+	node_a.sync_wallets().unwrap();
+	node_b.sync_wallets().unwrap();
+
+	println!("\nB receive_payment");
+	let invoice_amount_1_msat = 1000000;
+	let invoice = node_b.receive_payment(invoice_amount_1_msat, &"asdf", 9217).unwrap();
+
+	println!("\nA send_payment");
+	let payment_hash = node_a.send_payment(&invoice).unwrap();
+	expect_event!(node_a, PaymentSuccessful);
+	expect_event!(node_b, PaymentReceived);
+	assert_eq!(node_a.payment(&payment_hash).unwrap().status, PaymentStatus::Succeeded);
+	assert_eq!(node_a.payment(&payment_hash).unwrap().direction, PaymentDirection::Outbound);
+}
+
 #[test]
 fn sign_verify_msg() {
 	let (_, electrsd) = setup_bitcoind_and_electrsd();