Update BestBlock to store ANTI_REORG_DELAY * 2 recent block hashes

On restart, LDK expects the chain to be replayed starting from
where it was when objects were last serialized. This is fine in the
normal case, but if there was a reorg and the node which we were
syncing from either resynced or was changed, the last block that we
were synced as of might no longer be available. As a result, it
becomes impossible to figure out where the fork point is, and thus
to replay the chain.

Luckily, changing the block source during a reorg isn't exactly
common, but we shouldn't end up with a bricked node.

To address this, `lightning-block-sync` allows the user to pass in
`Cache` which can be used to cache recent blocks and thus allow for
reorg handling in this case. However, serialization for, and a
reasonable default implementation of a `Cache` was never built.

Instead, here, we start taking a different approach. To avoid
developers having to persist yet another object, we move
`BestBlock` to storing some number of recent block hashes. This
allows us to find the fork point with just the serialized state.

In conjunction with 403dc1a (which
allows us to disconnect blocks without having the stored header),
this should allow us to replay chain state after a reorg even if
we no longer have access to the top few blocks of the old chain
tip.

While we only really need to store `ANTI_REORG_DELAY` blocks (as we
generally assume that any deeper reorg won't happen and thus we
don't guarantee we handle it correctly), its nice to store a few
more to be able to handle more than a six block reorg. While other
parts of the codebase may not be entirely robust against such a
reorg if the transactions confirmed change out from under us, its
entirely possible (and, indeed, common) for reorgs to contain
nearly identical transactions.

Author: TheBlueMatt

lightning/src/chain/mod.rs

@@ -18,7 +18,9 @@ use bitcoin::network::Network;
 use bitcoin::script::{Script, ScriptBuf};
 use bitcoin::secp256k1::PublicKey;
 
-use crate::chain::channelmonitor::{ChannelMonitor, ChannelMonitorUpdate, MonitorEvent};
+use crate::chain::channelmonitor::{
+	ChannelMonitor, ChannelMonitorUpdate, MonitorEvent, ANTI_REORG_DELAY,
+};
 use crate::chain::transaction::{OutPoint, TransactionData};
 use crate::ln::types::ChannelId;
 use crate::sign::ecdsa::EcdsaChannelSigner;
@@ -43,27 +45,96 @@ pub struct BestBlock {
 	pub block_hash: BlockHash,
 	/// The height at which the block was confirmed.
 	pub height: u32,
+	/// Previous blocks immediately before [`Self::block_hash`], in reverse chronological order.
+	///
+	/// These ensure we can find the fork point of a reorg if our block source no longer has the
+	/// previous best tip after a restart.
+	pub previous_blocks: [Option<BlockHash>; ANTI_REORG_DELAY as usize * 2],
 }
 
 impl BestBlock {
 	/// Constructs a `BestBlock` that represents the genesis block at height 0 of the given
 	/// network.
 	pub fn from_network(network: Network) -> Self {
-		BestBlock { block_hash: genesis_block(network).header.block_hash(), height: 0 }
+		let block_hash = genesis_block(network).header.block_hash();
+		let previous_blocks = [None; ANTI_REORG_DELAY as usize * 2];
+		BestBlock { block_hash, height: 0, previous_blocks }
 	}
 
 	/// Returns a `BestBlock` as identified by the given block hash and height.
 	///
 	/// This is not exported to bindings users directly as the bindings auto-generate an
 	/// equivalent `new`.
 	pub fn new(block_hash: BlockHash, height: u32) -> Self {
-		BestBlock { block_hash, height }
+		let previous_blocks = [None; ANTI_REORG_DELAY as usize * 2];
+		BestBlock { block_hash, height, previous_blocks }
+	}
+
+	/// Advances to a new block at height [`Self::height`] + 1.
+	pub fn advance(&mut self, new_hash: BlockHash) {
+		// Shift all block hashes to the right (making room for the old tip at index 0)
+		for i in (1..self.previous_blocks.len()).rev() {
+			self.previous_blocks[i] = self.previous_blocks[i - 1];
+		}
+
+		// The old tip becomes the new index 0 (tip-1)
+		self.previous_blocks[0] = Some(self.block_hash);
+
+		// Update to the new tip
+		self.block_hash = new_hash;
+		self.height += 1;
+	}
+
+	/// Returns the block hash at the given height, if available in our history.
+	pub fn get_hash_at_height(&self, height: u32) -> Option<BlockHash> {
+		if height > self.height {
+			return None;
+		}
+		if height == self.height {
+			return Some(self.block_hash);
+		}
+
+		// offset = 1 means we want tip-1, which is block_hashes[0]
+		// offset = 2 means we want tip-2, which is block_hashes[1], etc.
+		let offset = self.height.saturating_sub(height) as usize;
+		if offset >= 1 && offset <= self.previous_blocks.len() {
+			self.previous_blocks[offset - 1]
+		} else {
+			None
+		}
+	}
+
+	/// Find the most recent common ancestor between two BestBlocks by searching their block hash
+	/// histories.
+	///
+	/// Returns the common block hash and height, or None if no common block is found in the
+	/// available histories.
+	pub fn find_common_ancestor(&self, other: &BestBlock) -> Option<(BlockHash, u32)> {
+		// First check if either tip matches
+		if self.block_hash == other.block_hash && self.height == other.height {
+			return Some((self.block_hash, self.height));
+		}
+
+		// Check all heights covered by self's history
+		let min_height = self.height.saturating_sub(self.previous_blocks.len() as u32);
+		for check_height in (min_height..=self.height).rev() {
+			if let Some(self_hash) = self.get_hash_at_height(check_height) {
+				if let Some(other_hash) = other.get_hash_at_height(check_height) {
+					if self_hash == other_hash {
+						return Some((self_hash, check_height));
+					}
+				}
+			}
+		}
+		None
 	}
 }
 
 impl_writeable_tlv_based!(BestBlock, {
 	(0, block_hash, required),
+	(1, previous_blocks_read, (legacy, [Option<BlockHash>; ANTI_REORG_DELAY as usize * 2], |us: &BestBlock| Some(us.previous_blocks))),
 	(2, height, required),
+	(unused, previous_blocks, (static_value, previous_blocks_read.unwrap_or([None; ANTI_REORG_DELAY as usize * 2]))),
 });
 
 /// The `Listen` trait is used to notify when blocks have been connected or disconnected from the

lightning/src/util/ser.rs

@@ -1448,6 +1448,33 @@ impl Readable for BlockHash {
 	}
 }
 
+impl Writeable for [Option<BlockHash>; 12] {
+	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
+		for hash_opt in self {
+			match hash_opt {
+				Some(hash) => hash.write(w)?,
+				None => ([0u8; 32]).write(w)?,
+			}
+		}
+		Ok(())
+	}
+}
+
+impl Readable for [Option<BlockHash>; 12] {
+	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
+		use bitcoin::hashes::Hash;
+
+		let mut res = [None; 12];
+		for hash_opt in res.iter_mut() {
+			let buf: [u8; 32] = Readable::read(r)?;
+			if buf != [0; 32] {
+				*hash_opt = Some(BlockHash::from_slice(&buf[..]).unwrap());
+			}
+		}
+		Ok(res)
+	}
+}
+
 impl Writeable for ChainHash {
 	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
 		w.write_all(self.as_bytes())