sweeper+contractcourt: deadline aware in sweeping anchors #5148
Conversation
Do you mean the issue to start watching the mempool for revealed pre-images or something else entirely? |
Yeah I think that makes sense, if by remote commitment you mean the latest commitment for the remote party, then IIRC we only also attempt to sweep those anchors as at broadcast time since we don't know what's in the mempool, we dont' know exactly which transaction will confirm in the end. There's also a related proposal to simply re-use the source UTXOs for this case: #4860 |
What about the inclusion of the CLTV delta into this heuristic? Lets say we have an outgoing HTLC, and the remote peer is asleep at the wheel for w/e reason and won't come online to pull the pre-image (or attempting to redeem the HTLC on chain would actually be a net loss). In this case we still want to ensure that the commitment gets confirmed before the CLTV delta starts to "tick", as we want to be able to utilize the full CLTV delta period to actually fully resolve the HTLC on chain. |
@Roasbeef No just want to leave room for future change. Previously learnt from @halseth that, we only care about the deadline for local commitment transaction because we can only learn a remote commit tx from chain watcher after the tx is broadcasted and mined, which means it's already confirmed so no need to accelerate it. However, if we switch to mempool then we can learn the remote commit tx before it's confirmed from mempool (most likely unless mempool data is split). In this case, we might have interest in accelerating the remote commit tx. Thus it would change where we perform the calculation of the deadline.
|
Yeah for our outgoing HTLCs we still want to go through the timeout path when necessary. I think the deadline logic can be further extended as, in our local commitment tx, If we have the preimages, the deadline would be the smaller of,
If we don't have the preimage,our deadline would be the least CLTV from outgoing HTLCs. |
yyforyongyu
force-pushed
the
4215-deadline-aware
branch
2 times, most recently
from
0b0b16e
to
403397a
Compare
|
I've updated to test out the alternative, which is to manage the deadline inside contract court. I think this approach is better as the only place we need a deadline is when we call |
yyforyongyu
force-pushed
the
4215-deadline-aware
branch
2 times, most recently
from
3f29178
to
27e4f93
Compare
|
Working on an itest, meanwhile ready for another look. |
contractcourt/channel_arbitrator.go
Outdated
| // Calculate the deadline. Notice that our minHeight may never get | ||
| // updated, which means the passed HTLCs set is empty. We will then | ||
| // fall back to the default value. | ||
| deadline := minHeight - heightHint |
There was a problem hiding this comment.
the height hint here is not necessarily the current block is it?
There was a problem hiding this comment.
I think it could be one block off if a new block is generated during these lines.
What I see here is,
- new blocks comes in ->
advanceState->stateStep, which has the current block, start from this line - the other is from the loop within
advacenState, when the state is changed fromStateBroadcastCommittoStateCommitmentBroadcastedfrom this line after we force close the channel. Depending on how fast these get executed, we might have a new block comes in, and we would be back in case 1.
yyforyongyu
force-pushed
the
4215-deadline-aware
branch
2 times, most recently
from
2b5734b
to
55f983b
Compare
|
Most of the itest failures should be fixed by #5430, saw this on the latest run though: |
IIRC, for bitcoind 1 actually maps to 2, and our implementation of the JSON response is sparsely encoded. |
yyforyongyu
force-pushed
the
4215-deadline-aware
branch
3 times, most recently
from
925ed84
to
41328ba
Compare
This is now fixed. The travis build still failed due to suspected flakes. |
|
Commit check failing as one of the commits doesn't compile: |
| log.Warnf("ChannelArbitrator(%v): deadline is passed with "+ | ||
| "deadlineMinHeight=%d, heightHint=%d", | ||
| c.cfg.ChanPoint, deadlineMinHeight, heightHint) | ||
| deadline = 1 |
There was a problem hiding this comment.
Hmm curious to see what effect this actually has in the wild...
We'll need to double check that these outputs don't get filtered out from the sweeper due to providing "negative yield". The failure mode I'm thinking off here is something like:
- We go to chain for some HTLCs
- These HTLCs aren't very large
- Node is offline for a while for some reason, causes us to miss the deadline
- We publish, then try to sweep w/ 100 sat/vb (just an example)
- The sweeper filters this out and the sweeps never go through /sadface
In theory this can already happen w/ smaller HTLCs, which is why we need to more dynamically control what we think is considered dust.
There was a problem hiding this comment.
Actually this is ok since we'll always set the Force flag for any anchor sweeps. We def have more follow up work to do in this area, but it's certainly a start and better than the current state of things (no bumping at all, pray to Satoshi).
|
|
||
| // When the deadline is passed, we will fall back to the smallest conf | ||
| // target (1 block). | ||
| case deadlineMinHeight <= heightHint: |
|
|
||
| // We expect the default max fee rate is used. Allow some deviation | ||
| // because weight estimates during tx generation are estimates. | ||
| require.InEpsilonf( |
There was a problem hiding this comment.
Nice test function, at times stuff like fees and be pretty fuzzy so I far prefer this to having some brittle arithmetic inline within the test itself.
There was a problem hiding this comment.
LGTM 🏆
Just need to make sure the commits build so it can pass one of the CI tests, and this should be good to land. Excellent work tackling this, has been on my list of things we need to address to increase the security of the core routing network. Other worthy follow ups to this include: the fee bumping function itself, updating CLTV values in real-time based on on-chain conditions, and also updating min HTLC and dust settings based on on-chain conditions.
In this commit, we add a check inside EstimateFeePerKW for bitcoind so that when the conf target exceeds the maxBlockTarget, we will use maxBlockTarget instead.
This commit changes the minBlockTarget used by the WebAPIEstimator to be 1, inline with the bitcoind's accepted min conf target.
This commit adds a new struct AnchorResolutions which wraps the anchor resolutions for local/remote/pending remote commitment transactions. It is then returned from NewAnchorResolutions. Thus the caller knows how to retrieve a certain anchor resolution.
In this commit, we made the change so that when sweeping anchors for the commitment transactions, we will be aware of the deadline which is derived from its HTLC set. It's very likely we will use a much larger conf target from now on, and save us some sats.
This commit adds a deadline field to mockSweeper that can be used to track the customized conf target (deadline) used for sweeping anchors. The relevant test, TestChannelArbitratorAnchors is updated to reflect that the deadlines are indeed taking effect.
This commit adds two tests to check that a) the correct deadline is used given different HTLC sets and b) when sweeping anchors the correct deadlines are used.
In this commit, we add a method in fee service to allow specifying a fee rate with a conf target.
yyforyongyu
force-pushed
the
4215-deadline-aware
branch
from
41328ba
to
c081707
Compare
This is now fixed after rebase. I think I will make an issue to keep track of what to do next. |
|
@yyforyongyu I added a new "task" (they like made it an officially PR now I guess?) to #4215 that tracks the next step: starting to gradually bump up the fee rate as we approach the deadline in real time (right now we'll just re-query for the current fee for the specified deadline/conf-target). I think it makes sense to make new issues for the dynamic CLTV measures, and the other aspects I mentioned above. |
|
Some of the tests fail due to a new error in the itests: Which is benign really AFAICT, and is just part of the auto-logging we have for any errors triggered while handling an RPC request. |
Pushing for concept ack before moving forward.
Current design records the deadline in
AnchorResolution, we can also calculate the deadlines inside thesweepAnchor. The former design has the advantage as we can fine control what deadlines are for remote/local commitment transactions, the latter one however can give much smaller code change and retain the deadline logic insidecontractcourt.Another thing to consider is when extracting info from mempool is supported, things is likely to change here?
Next step,
Some notes on deciding the deadline
For
to_localandto_remoteoutputs, there are no deadlines needed as they can only be spent by us/them.In the revocation path, which doesn't need a deadline either as all other paths are CSV locked.
In our local commitment transaction,
This means the deadline for us would be the least CLTV value found in the incoming HTLCs.
In our remote commitment transaction,
In this case, the deadline for us would be the least CLTV value found in the outgoing HTLCs. However, since we can only learn the remote commit tx after it's confirmed, there's no point in tracking the deadline here?
Fix #4215