Fix liquidity event cancellation in select loop

amackillop · amackillop · commit 28098405c609 · 2026-04-21T12:14:50.000-07:00
handle_next_event() both consumed events from the queue via
next_event_async() and processed them inline, including
spawn_blocking(...).await calls for wallet checks. Because
this ran as a polled future inside tokio::select!, any tick
timer firing while the handler was suspended at an .await
point would cancel the future. The event had already been
dequeued, so it was silently lost.

Split event receipt from processing: next_event_async() is
polled as the select! future (cancellation-safe since it only
dequeues on Poll::Ready), and handle_event() runs in the
handler block which select! guarantees runs to completion
before the next iteration.

This was the root cause of JIT channel opens and splices
timing out in production. The HTLC would be intercepted,
the OpenChannel event consumed from the queue, but a timer
tick would cancel processing before create_channel was called.
The peer would disconnect after 40s and the HTLC would expire.
diff --git a/src/lib.rs b/src/lib.rs
@@ -651,6 +651,7 @@ impl Node {
 				// First tick fires immediately; consume it so we don't run at t=0.
 				pending_htlc_interval.tick().await;
 				expiry_check_interval.tick().await;
+				let lm = liquidity_handler.liquidity_manager();
 				loop {
 					tokio::select! {
 						_ = stop_liquidity_handler.changed() => {
@@ -666,7 +667,9 @@ impl Node {
 						_ = expiry_check_interval.tick() => {
 							liquidity_handler.handle_expired_htlcs().await;
 						}
-						_ = liquidity_handler.handle_next_event() => {}
+						event = lm.next_event_async() => {
+							liquidity_handler.handle_event(event).await;
+						}
 					}
 				}
 			});
diff --git a/src/liquidity.rs b/src/liquidity.rs
@@ -523,8 +523,12 @@ where
 		}
 	}
 
-	pub(crate) async fn handle_next_event(&self) {
-		match self.liquidity_manager.next_event_async().await {
+	/// Handles a single liquidity event. Must be called from a context that
+	/// guarantees the future runs to completion (e.g. a `select!` handler block),
+	/// since event processing includes `.await` points that are not
+	/// cancellation-safe.
+	pub(crate) async fn handle_event(&self, event: LiquidityEvent) {
+		match event {
 			LiquidityEvent::LSPS1Client(LSPS1ClientEvent::SupportedOptionsReady {
 				request_id,
 				counterparty_node_id,

Original file line number	Diff line number	Diff line change
`@@ -651,6 +651,7 @@ impl Node {`
`651`	`651`	`// First tick fires immediately; consume it so we don't run at t=0.`
`652`	`652`	`pending_htlc_interval.tick().await;`
`653`	`653`	`expiry_check_interval.tick().await;`
	`654`	`+ let lm = liquidity_handler.liquidity_manager();`
`654`	`655`	`loop {`
`655`	`656`	`tokio::select! {`
`656`	`657`	`_ = stop_liquidity_handler.changed() => {`
`@@ -666,7 +667,9 @@ impl Node {`
`666`	`667`	`_ = expiry_check_interval.tick() => {`
`667`	`668`	`liquidity_handler.handle_expired_htlcs().await;`
`668`	`669`	`}`
`669`		`- _ = liquidity_handler.handle_next_event() => {}`
	`670`	`+ event = lm.next_event_async() => {`
	`671`	`+ liquidity_handler.handle_event(event).await;`
	`672`	`+ }`
`670`	`673`	`}`
`671`	`674`	`}`
`672`	`675`	`});`
Original file line number	Diff line number	Diff line change
`@@ -523,8 +523,12 @@ where`
`523`	`523`	`}`
`524`	`524`	`}`
`525`	`525`
`526`		`- pub(crate) async fn handle_next_event(&self) {`
`527`		`- match self.liquidity_manager.next_event_async().await {`
	`526`	`+ /// Handles a single liquidity event. Must be called from a context that`
	`527`	+ /// guarantees the future runs to completion (e.g. a `select!` handler block),
	`528`	+ /// since event processing includes `.await` points that are not
	`529`	`+ /// cancellation-safe.`
	`530`	`+ pub(crate) async fn handle_event(&self, event: LiquidityEvent) {`
	`531`	`+ match event {`
`528`	`532`	`LiquidityEvent::LSPS1Client(LSPS1ClientEvent::SupportedOptionsReady {`
`529`	`533`	`request_id,`
`530`	`534`	`counterparty_node_id,`