From b8d0df998ae2c596ae2f8d1613b6d007f39aa84c Mon Sep 17 00:00:00 2001
From: Olaoluwa Osuntokun
Date: Sat, 24 Feb 2018 19:19:46 -0800
Subject: [PATCH] lnwallet: when validating fee updates, ensure newFee < balance

---
 lnwallet/channel.go | 12 ++++++++++--
 lnwallet/channel_test.go | 4 ++--
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/lnwallet/channel.go b/lnwallet/channel.go
index 7fdcecb9..3cb97f81 100644
--- a/lnwallet/channel.go
+++ b/lnwallet/channel.go
@@ -3054,7 +3054,7 @@ func (lc *LightningChannel) ChanSyncMsg() (*lnwire.ChannelReestablish, error) {
 
 // computeView takes the given htlcView, and calculates the balances, filtered
 // view (settling unsettled HTLCs), commitment weight and feePerKw, after
-// applying the HTLCs to the latest commitment. The returned balanced are the
+// applying the HTLCs to the latest commitment. The returned balances are the
 // balances *before* subtracting the commitment fee from the initiator's
 // balance.
 //
@@ -5137,10 +5137,18 @@ func (lc *LightningChannel) validateFeeRate(feePerKw SatPerKWeight) error {
 newFee := lnwire.NewMSatFromSatoshis(
 feePerKw.FeeForWeight(txWeight),
 )
- balanceAfterFee := availableBalance - newFee
+
+ // If the total fee exceeds our available balance, then we'll reject
+ // this update as it would mean we need to trim our entire output.
+ if newFee > availableBalance {
+ return fmt.Errorf("cannot apply fee_update=%v sat/kw, new fee "+
+ "of %v is greater than balance of %v", int64(feePerKw),
+ newFee, availableBalance)
+ }
 
 // If this new balance is below our reserve, then we can't accommodate
 // the fee change, so we'll reject it.
+ balanceAfterFee := availableBalance - newFee
 if balanceAfterFee.ToSatoshis() < lc.channelState.LocalChanCfg.ChanReserve {
 return fmt.Errorf("cannot apply fee_update=%v sat/kw, "+
 "insufficient balance: start=%v, end=%v",
diff --git a/lnwallet/channel_test.go b/lnwallet/channel_test.go
index 66834a19..29895f6f 100644
--- a/lnwallet/channel_test.go
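Review bot: The new `newFee > availableBalance` guard in validateFeeRate is what keeps `availableBalance - newFee` from dropping below zero, but nothing next to it records that the check has to stay ahead of the subtraction, and the channel_test.go sections of this patch only touch comments, so the rejected path gets no regression test here. If `lnwire.MilliSatoshi` is an unsigned type (its definition is not shown in the diff), the old subtraction would have wrapped to a very large value and passed the ChanReserve comparison; that is worth stating at the check, for example `// Must run before the subtraction below: the balance type cannot hold a negative result.` A test that requests a fee rate whose resulting fee exceeds the available balance and asserts that an error comes back would pin the behaviour down. validateFeeRate begins and ends outside the hunk, so how availableBalance and txWeight are derived could not be checked from here.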
+++ b/lnwallet/channel_test.go
@@ -2477,7 +2477,7 @@ func TestAddHTLCNegativeBalance(t *testing.T) {
 }
 
 // Alice now has an available balance of 2 BTC. We'll add a new HTLC of
- // value 2 BTC, which should make Alice's balance negative (since (she
+ // value 2 BTC, which should make Alice's balance negative (since she
 // has to pay a commitment fee).
 htlcAmt = lnwire.NewMSatFromSatoshis(2 * btcutil.SatoshiPerBitcoin)
 htlc, _ := createHTLC(numHTLCs+1, htlcAmt)
@@ -4378,7 +4378,7 @@ func TestDesyncHTLCs(t *testing.T) {
 
 // Alice now has gotten all her original balance (5 BTC) back, however,
 // adding a new HTLC at this point SHOULD fail, since if she adds the
- // HTLC and sign the next state, Bob cannot assume she received the
+ // HTLC and signs the next state, Bob cannot assume she received the
 // FailHTLC, and must assume she doesn't have the necessary balance
 // available.
 //