Preserve our funding contribution across counterparty RBF attempts

jkczyz · claude · jkczyz · commit 99390f0156ff · 2026-03-12T14:49:44.000-04:00
When the counterparty initiates an RBF and we have no new contribution queued via QuiescentAction, we must re-use our prior contribution so that our splice is not lost. Track contributions in a new field on PendingFunding so the last entry can be re-used in this scenario. Each entry stores the feerate-adjusted version because that reflects what was actually negotiated and allows correct feerate re-adjustment on subsequent RBFs. Only explicitly provided contributions (from a QuiescentAction) append to the vec. Re-used contributions are replaced in-place with the version adjusted for the new feerate so they remain accurate for further RBF rounds, without growing the vec. Add test_splice_rbf_acceptor_recontributes to verify that when the counterparty initiates an RBF and we have no new QuiescentAction queued, our prior contribution is automatically re-used so the splice is preserved. Add test_splice_rbf_recontributes_feerate_too_high to verify that when the counterparty RBFs at a feerate too high for our prior contribution to cover, the RBF is rejected rather than proceeding without our contribution. Add test for sequential RBF splice attempts Add test_splice_rbf_sequential that exercises three consecutive RBF rounds on the same splice (initial → RBF #1 → RBF #2) to verify: - Each round requires the 25/24 feerate increase (253 → 264 → 275) - DiscardFunding events reference the correct funding txid from each replaced candidate - The final RBF splice can be mined and splice_locked successfully Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
diff --git a/lightning/src/ln/channel.rs b/lightning/src/ln/channel.rs
@@ -2902,6 +2902,13 @@ struct PendingFunding {
 	/// The feerate used in the last successfully negotiated funding transaction.
 	/// Used for validating the 25/24 feerate increase rule on RBF attempts.
 	last_funding_feerate_sat_per_1000_weight: Option<u32>,
+
+	/// The funding contributions from all explicit splice/RBF attempts on this channel.
+	/// Each entry reflects the feerate-adjusted contribution that was actually used in that
+	/// negotiation. The last entry is re-used when the counterparty initiates an RBF and we
+	/// have no pending `QuiescentAction`. When re-used as acceptor, the last entry is replaced
+	/// with the version adjusted for the new feerate.
+	contributions: Vec<FundingContribution>,
 }
 
 impl_writeable_tlv_based!(PendingFunding, {
@@ -2910,6 +2917,7 @@ impl_writeable_tlv_based!(PendingFunding, {
 	(5, sent_funding_txid, option),
 	(7, received_funding_txid, option),
 	(8, last_funding_feerate_sat_per_1000_weight, option),
+	(10, contributions, optional_vec),
 });
 
 #[derive(Debug)]
@@ -12149,6 +12157,7 @@ where
 			sent_funding_txid: None,
 			received_funding_txid: None,
 			last_funding_feerate_sat_per_1000_weight: None,
+			contributions: vec![],
 		});
 
 		msgs::SpliceInit {
@@ -12415,15 +12424,19 @@ where
 		let splice_funding =
 			self.validate_splice_init(msg, our_funding_contribution.unwrap_or(SignedAmount::ZERO))?;
 
-		let (our_funding_inputs, our_funding_outputs) = if our_funding_contribution.is_some() {
-			self.take_queued_funding_contribution()
-				.expect("queued_funding_contribution was Some")
-				.for_acceptor_at_feerate(feerate, holder_balance.unwrap())
-				.expect("feerate compatibility already checked")
-				.into_tx_parts()
-		} else {
-			Default::default()
-		};
+		// Adjust for the feerate and clone so we can store it for future RBF re-use.
+		let (adjusted_contribution, our_funding_inputs, our_funding_outputs) =
+			if our_funding_contribution.is_some() {
+				let adjusted_contribution = self
+					.take_queued_funding_contribution()
+					.expect("queued_funding_contribution was Some")
+					.for_acceptor_at_feerate(feerate, holder_balance.unwrap())
+					.expect("feerate compatibility already checked");
+				let (inputs, outputs) = adjusted_contribution.clone().into_tx_parts();
+				(Some(adjusted_contribution), inputs, outputs)
+			} else {
+				(None, Default::default(), Default::default())
+			};
 		let our_funding_contribution = our_funding_contribution.unwrap_or(SignedAmount::ZERO);
 
 		log_info!(
@@ -12454,6 +12467,7 @@ where
 			received_funding_txid: None,
 			sent_funding_txid: None,
 			last_funding_feerate_sat_per_1000_weight: None,
+			contributions: adjusted_contribution.into_iter().collect(),
 		});
 
 		Ok(msgs::SpliceAck {
@@ -12563,24 +12577,71 @@ where
 		fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L,
 	) -> Result<msgs::TxAckRbf, ChannelError> {
 		let feerate = FeeRate::from_sat_per_kwu(msg.feerate_sat_per_1000_weight as u64);
-		let (our_funding_contribution, holder_balance) =
-			self.resolve_queued_contribution(feerate, logger);
+		let (queued_net_value, holder_balance) = self.resolve_queued_contribution(feerate, logger);
+
+		// If no queued contribution, try prior contribution from previous negotiation.
+		// Failing here means the RBF would erase our splice — reject it.
+		let prior_net_value = if queued_net_value.is_some() {
+			None
+		} else if let Some(prior) = self
+			.pending_splice
+			.as_ref()
+			.and_then(|pending_splice| pending_splice.contributions.last())
+		{
+			let net_value = holder_balance
+				.ok_or_else(|| ChannelError::Abort(AbortReason::InsufficientRbfFeerate))
+				.and_then(|holder_balance| {
+					prior
+						.net_value_for_acceptor_at_feerate(feerate, holder_balance)
+						.map_err(|_| ChannelError::Abort(AbortReason::InsufficientRbfFeerate))
+				})?;
+			Some(net_value)
+		} else {
+			None
+		};
+
+		let our_funding_contribution = queued_net_value.or(prior_net_value);
 
 		let rbf_funding = self.validate_tx_init_rbf(
 			msg,
 			our_funding_contribution.unwrap_or(SignedAmount::ZERO),
 			fee_estimator,
 		)?;
 
-		let (our_funding_inputs, our_funding_outputs) = if our_funding_contribution.is_some() {
-			self.take_queued_funding_contribution()
+		// Consume the appropriate contribution source.
+		let (our_funding_inputs, our_funding_outputs) = if queued_net_value.is_some() {
+			let adjusted_contribution = self
+				.take_queued_funding_contribution()
 				.expect("queued_funding_contribution was Some")
 				.for_acceptor_at_feerate(feerate, holder_balance.unwrap())
-				.expect("feerate compatibility already checked")
-				.into_tx_parts()
+				.expect("feerate compatibility already checked");
+			self.pending_splice
+				.as_mut()
+				.expect("pending_splice is Some")
+				.contributions
+				.push(adjusted_contribution.clone());
+			adjusted_contribution.into_tx_parts()
+		} else if prior_net_value.is_some() {
+			let prior_contribution = self
+				.pending_splice
+				.as_mut()
+				.expect("pending_splice is Some")
+				.contributions
+				.pop()
+				.expect("prior_net_value was Some");
+			let adjusted_contribution = prior_contribution
+				.for_acceptor_at_feerate(feerate, holder_balance.unwrap())
+				.expect("feerate compatibility already checked");
+			self.pending_splice
+				.as_mut()
+				.expect("pending_splice is Some")
+				.contributions
+				.push(adjusted_contribution.clone());
+			adjusted_contribution.into_tx_parts()
 		} else {
 			Default::default()
 		};
+
 		let our_funding_contribution = our_funding_contribution.unwrap_or(SignedAmount::ZERO);
 
 		log_info!(
@@ -13567,6 +13628,7 @@ where
 					));
 				},
 				Some(QuiescentAction::Splice { contribution, locktime }) => {
+					let prior_contribution = contribution.clone();
 					let prev_funding_input = self.funding.to_splice_funding_input();
 					let our_funding_contribution = contribution.net_value();
 					let funding_feerate_per_kw = contribution.feerate().to_sat_per_kwu() as u32;
@@ -13584,10 +13646,15 @@ where
 
 					if self.pending_splice.is_some() {
 						let tx_init_rbf = self.send_tx_init_rbf(context);
+						self.pending_splice.as_mut().unwrap()
+							.contributions.push(prior_contribution);
 						return Ok(Some(StfuResponse::TxInitRbf(tx_init_rbf)));
 					}
 
 					let splice_init = self.send_splice_init(context);
+					debug_assert!(self.pending_splice.is_some());
+					self.pending_splice.as_mut().unwrap()
+						.contributions.push(prior_contribution);
 					return Ok(Some(StfuResponse::SpliceInit(splice_init)));
 				},
 				#[cfg(any(test, fuzzing, feature = "_test_utils"))]
diff --git a/lightning/src/ln/funding.rs b/lightning/src/ln/funding.rs
@@ -388,6 +388,17 @@ pub struct FundingContribution {
 	is_splice: bool,
 }
 
+impl_writeable_tlv_based!(FundingContribution, {
+	(1, value_added, required),
+	(3, estimated_fee, required),
+	(5, inputs, optional_vec),
+	(7, outputs, optional_vec),
+	(9, change_output, option),
+	(11, feerate, required),
+	(13, max_feerate, required),
+	(15, is_splice, required),
+});
+
 impl FundingContribution {
 	pub(super) fn feerate(&self) -> FeeRate {
 		self.feerate
diff --git a/lightning/src/ln/splicing_tests.rs b/lightning/src/ln/splicing_tests.rs
