Merge pull request #9994 from SomberNight/202506_lnwatcher_to_wait_until_fees_go_down

lnwatcher: keep_watching until fees go down

electrum/address_synchronizer.py

@@ -1064,7 +1064,7 @@ class AddressSynchronizer(Logger, EventListener):
             return TxMinedDepth.FREE
         tx_mined_depth = self.get_tx_height(txid)
         height, conf = tx_mined_depth.height, tx_mined_depth.conf
-        if conf > 20:
+        if conf > 20:  # FIXME unify with lnutil.REDEEM_AFTER_DOUBLE_SPENT_DELAY ?
             return TxMinedDepth.DEEP
         elif conf > 0:
             return TxMinedDepth.SHALLOW

electrum/commands.py

@@ -71,7 +71,7 @@ from .lnutil import channel_id_from_funding_tx, LnFeatures, SENT, MIN_FINAL_CLTV
 from .plugin import run_hook, DeviceMgr, Plugins
 from .version import ELECTRUM_VERSION
 from .simple_config import SimpleConfig
-from .fee_policy import FeePolicy
+from .fee_policy import FeePolicy, FEE_ETA_TARGETS, FEERATE_DEFAULT_RELAY
 from . import GuiImportError
 from . import crypto
 from . import constants
@@ -1576,6 +1576,27 @@ class Commands(Logger):
             'tooltip': tooltip,
         }
 
+    @command('n')
+    async def test_inject_fee_etas(self, fee_est):
+        """
+        Inject fee estimates into the network object, as if they were coming from connected servers.
+        Useful on regtest.
+
+        arg:str:fee_est:dict of ETA-based fee estimates, encoded as str
+        """
+        if not isinstance(fee_est, dict):
+            fee_est = ast.literal_eval(fee_est)
+        assert isinstance(fee_est, dict), f"unexpected type for fee_est. got {repr(fee_est)}"
+        # populate missing high-block-number estimates using default relay fee.
+        # e.g. {"25": 2222} -> {"25": 2222, "144": 1000, "1008": 1000}
+        furthest_estimate = max(fee_est.keys()) if fee_est else 0
+        further_fee_est = {
+            eta_target: FEERATE_DEFAULT_RELAY for eta_target in FEE_ETA_TARGETS
+            if eta_target > furthest_estimate
+        }
+        fee_est.update(further_fee_est)
+        self.network.update_fee_estimates(fee_est=fee_est)
+
     @command('w')
     async def removelocaltx(self, txid, wallet: Abstract_Wallet = None):
         """Remove a 'local' transaction from the wallet, and its dependent

electrum/fee_policy.py

@@ -375,8 +375,9 @@ class FeeTimeEstimates:
               just try to do the estimate and handle a potential None result. That way,
               estimation works for targets we have, even if some targets are missing.
         """
-        # we do not request estimate for next block fee, hence -1
-        return len(self.data) == len(FEE_ETA_TARGETS) - 1
+        targets = set(FEE_ETA_TARGETS)
+        targets.discard(1)  # rm "next block" target
+        return all(target in self.data for target in targets)
 
     def set_data(self, nblock_target: int, fee_per_kb: int):
         assert isinstance(nblock_target, int), f"expected int, got {nblock_target!r}"

electrum/lnwatcher.py

@@ -5,11 +5,12 @@
 from typing import TYPE_CHECKING, Optional
 
 from . import util
-from .util import TxMinedInfo, BelowDustLimit
+from .util import TxMinedInfo, BelowDustLimit, NoDynamicFeeEstimates
 from .util import EventListener, event_listener, log_exceptions, ignore_exceptions
 from .transaction import Transaction, TxOutpoint
 from .logging import Logger
 from .address_synchronizer import TX_HEIGHT_LOCAL
+from .lnutil import REDEEM_AFTER_DOUBLE_SPENT_DELAY
 
 
 if TYPE_CHECKING:
@@ -99,6 +100,7 @@ class LNWatcher(Logger, EventListener):
         if not self.adb.is_mine(address):
             return
         # inspect_tx_candidate might have added new addresses, in which case we return early
+        # note: maybe we should wait until adb.is_up_to_date... (?)
         funding_txid = funding_outpoint.split(':')[0]
         funding_height = self.adb.get_tx_height(funding_txid)
         closing_txid = self.adb.get_spender(funding_outpoint)
@@ -159,7 +161,9 @@ class LNWatcher(Logger, EventListener):
             return False
         # detect who closed and get information about how to claim outputs
         is_local_ctx, sweep_info_dict = chan.get_ctx_sweep_info(closing_tx)
-        keep_watching = False if sweep_info_dict else not self.adb.is_deeply_mined(closing_tx.txid())
+        # note: we need to keep watching *at least* until the closing tx is deeply mined,
+        #       possibly longer if there are TXOs to sweep
+        keep_watching = not self.adb.is_deeply_mined(closing_tx.txid())
         # create and broadcast transactions
         for prevout, sweep_info in sweep_info_dict.items():
             prev_txid, prev_index = prevout.split(':')
@@ -169,32 +173,31 @@ class LNWatcher(Logger, EventListener):
                 # do not keep watching if prevout does not exist
                 self.logger.info(f'prevout does not exist for {name}: {prevout}')
                 continue
-            was_added = self.maybe_redeem(sweep_info)
-            spender_txid = self.adb.get_spender(prevout)
+            watch_sweep_info = self.maybe_redeem(sweep_info)
+            spender_txid = self.adb.get_spender(prevout)  # note: LOCAL spenders don't count
             spender_tx = self.adb.get_transaction(spender_txid) if spender_txid else None
             if spender_tx:
                 # the spender might be the remote, revoked or not
                 htlc_sweepinfo = chan.maybe_sweep_htlcs(closing_tx, spender_tx)
                 for prevout2, htlc_sweep_info in htlc_sweepinfo.items():
-                    htlc_was_added = self.maybe_redeem(htlc_sweep_info)
+                    watch_htlc_sweep_info = self.maybe_redeem(htlc_sweep_info)
                     htlc_tx_spender = self.adb.get_spender(prevout2)
                     self.lnworker.wallet.set_default_label(prevout2, htlc_sweep_info.name)
                     if htlc_tx_spender:
                         keep_watching |= not self.adb.is_deeply_mined(htlc_tx_spender)
                         self.maybe_add_accounting_address(htlc_tx_spender, htlc_sweep_info)
                     else:
-                        keep_watching |= htlc_was_added
+                        keep_watching |= watch_htlc_sweep_info
                 keep_watching |= not self.adb.is_deeply_mined(spender_txid)
                 self.maybe_extract_preimage(chan, spender_tx, prevout)
                 self.maybe_add_accounting_address(spender_txid, sweep_info)
             else:
-                keep_watching |= was_added
+                keep_watching |= watch_sweep_info
             self.maybe_add_pending_forceclose(
                 chan=chan,
                 spender_txid=spender_txid,
                 is_local_ctx=is_local_ctx,
                 sweep_info=sweep_info,
-                sweep_info_txo_is_nondust=was_added,
             )
         return keep_watching
 
@@ -202,10 +205,16 @@ class LNWatcher(Logger, EventListener):
         return self._pending_force_closes
 
     def maybe_redeem(self, sweep_info: 'SweepInfo') -> bool:
-        """ returns False if it was dust """
+        """ returns 'keep_watching' """
         try:
             self.lnworker.wallet.txbatcher.add_sweep_input('lnwatcher', sweep_info)
         except BelowDustLimit:
+            # utxo is considered dust at *current* fee estimates.
+            # but maybe the fees atm are very high? We will retry later.
+            pass
+        except NoDynamicFeeEstimates:
+            pass  # will retry later
+        if sweep_info.is_anchor():
             return False
         return True
 
@@ -256,10 +265,18 @@ class LNWatcher(Logger, EventListener):
         spender_txid: Optional[str],
         is_local_ctx: bool,
         sweep_info: 'SweepInfo',
-        sweep_info_txo_is_nondust: bool,  # i.e. we want to sweep it
-    ):
-        """ we are waiting for ctx to be confirmed and there are received htlcs """
-        if is_local_ctx and sweep_info.name == 'received-htlc' and sweep_info_txo_is_nondust:
+    ) -> None:
+        """Adds chan into set of ongoing force-closures if the user should keep the wallet open, waiting for it.
+        (we are waiting for ctx to be confirmed and there are received htlcs)
+        """
+        if is_local_ctx and sweep_info.name == 'received-htlc':
+            cltv = sweep_info.cltv_abs
+            assert cltv is not None, f"missing cltv for {sweep_info}"
+            if self.adb.get_local_height() > cltv + REDEEM_AFTER_DOUBLE_SPENT_DELAY:
+                # We had plenty of time to sweep. The remote also had time to time out the htlc.
+                # Maybe its value has been ~dust at current and past fee levels (every time we checked).
+                # We should not keep warning the user forever.
+                return
             tx_mined_status = self.adb.get_tx_height(spender_txid)
             if tx_mined_status.height == TX_HEIGHT_LOCAL:
                 self._pending_force_closes.add(chan)

electrum/plugins/watchtower/watchtower.py

@@ -202,9 +202,10 @@ class WatchTower(Logger, EventListener):
                 result.update(r)
         return result
 
-    async def sweep_commitment_transaction(self, funding_outpoint, closing_tx):
+    async def sweep_commitment_transaction(self, funding_outpoint: str, closing_tx: Transaction) -> bool:
+        assert closing_tx
         spenders = self.inspect_tx_candidate(funding_outpoint, 0)
-        keep_watching = False
+        keep_watching = not self.adb.is_deeply_mined(closing_tx.txid())
         for prevout, spender in spenders.items():
             if spender is not None:
                 keep_watching |= not self.adb.is_deeply_mined(spender)

electrum/submarine_swaps.py

@@ -32,7 +32,7 @@ from .transaction import (
 from .util import (
     log_exceptions, ignore_exceptions, BelowDustLimit, OldTaskGroup, ca_path, gen_nostr_ann_pow,
     get_nostr_ann_pow_amount, make_aiohttp_proxy_connector, get_running_loop, get_asyncio_loop, wait_for2,
-    run_sync_function_on_asyncio_thread, trigger_callback
+    run_sync_function_on_asyncio_thread, trigger_callback, NoDynamicFeeEstimates
 )
 from . import lnutil
 from .lnutil import hex_to_bytes, REDEEM_AFTER_DOUBLE_SPENT_DELAY, Keypair
@@ -485,6 +485,9 @@ class SwapManager(Logger):
             except BelowDustLimit:
                 self.logger.info('utxo value below dust threshold')
                 return
+            except NoDynamicFeeEstimates:
+                self.logger.info('got NoDynamicFeeEstimates')
+                return
 
     def get_fee_for_txbatcher(self):
         return self._get_tx_fee(self.config.FEE_POLICY_SWAPS)

electrum/txbatcher.py

@@ -99,6 +99,7 @@ class TxBatcher(Logger):
 
     @locked
     def add_sweep_input(self, key: str, sweep_info: 'SweepInfo') -> None:
+        """Can raise BelowDustLimit or NoDynamicFeeEstimates."""
         if sweep_info.txin and sweep_info.txout:
             # detect legacy htlc using name and csv delay
             if sweep_info.name in ['received-htlc', 'offered-htlc'] and sweep_info.csv_delay == 0:
@@ -263,20 +264,25 @@ class TxBatch(Logger):
         self.batch_payments.append(output)
 
     def is_dust(self, sweep_info: SweepInfo) -> bool:
+        """Can raise NoDynamicFeeEstimates."""
         if sweep_info.is_anchor():
             return False
         if sweep_info.txout is not None:
             return False
-        value = sweep_info.txin._trusted_value_sats
+        value = sweep_info.txin.value_sats()
         witness_size = len(sweep_info.txin.make_witness(71*b'\x00'))
         tx_size_vbytes = 84 + witness_size//4     # assumes no batching, sweep to p2wpkh
         self.logger.info(f'{sweep_info.name} size = {tx_size_vbytes}')
-        fee = self.fee_policy.estimate_fee(tx_size_vbytes, network=self.wallet.network, allow_fallback_to_static_rates=True)
+        fee = self.fee_policy.estimate_fee(tx_size_vbytes, network=self.wallet.network)
         return value - fee <= dust_threshold()
 
     @locked
     def add_sweep_input(self, sweep_info: 'SweepInfo') -> None:
+        """Can raise BelowDustLimit or NoDynamicFeeEstimates."""
         if self.is_dust(sweep_info):
+            # note: this uses the current fee estimates. Just because something is dust
+            #       at the current fee levels, if fees go down, it might still become
+            #       worthwhile to sweep. So callers might want to retry later.
             raise BelowDustLimit
         txin = sweep_info.txin
         if txin.prevout in self._unconfirmed_sweeps:

tests/regtest.py

@@ -82,6 +82,9 @@ class TestLightningAB(TestLightning):
     def test_breach_with_spent_htlc(self):
         self.run_shell(['breach_with_spent_htlc'])
 
+    def test_lnwatcher_waits_until_fees_go_down(self):
+        self.run_shell(['lnwatcher_waits_until_fees_go_down'])
+
 
 class TestLightningSwapserver(TestLightning):
     agents = {

tests/regtest/regtest.sh

@@ -90,6 +90,15 @@ function wait_until_spent()
     printf "\n"
 }
 
+function assert_utxo_exists()
+{
+    utxo=$($bitcoin_cli gettxout $1 $2)
+    if [[ -z "$utxo" ]]; then
+        echo "utxo $1:$2 does not exist"
+        exit 1
+    fi
+}
+
 if [[ $# -eq 0 ]]; then
     echo "syntax: init|start|open|status|pay|close|stop"
     exit 1
@@ -308,6 +317,89 @@ if [[ $1 == "swapserver_refund" ]]; then
 fi
 
 
+if [[ $1 == "lnwatcher_waits_until_fees_go_down" ]]; then
+    # Alice sends two HTLCs to Bob (one for small invoice, one for large invoice), which Bob will hold.
+    # Alice requests Bob to force-close the channel, while the HTLCs are pending. Bob force-closes.
+    # Fee levels rise, to the point where the small HTLC is not economical to claim.
+    #                  Alice sweeps the large HTLC (via onchain timeout), but not the small one.
+    # Then, fee levels go back down, and Alice sweeps the small HTLC.
+    # This test checks Alice does not abandon channel outputs that are temporarily ~dust due to
+    # mempool spikes, and keeps watching the channel in hope of fees going down.
+    $alice setconfig test_force_disable_mpp true
+    $alice setconfig test_force_mpp false
+    wait_for_balance alice 1
+    $alice test_inject_fee_etas "{2:1000}"
+    $bob test_inject_fee_etas "{2:1000}"
+    echo "alice opens channel"
+    bob_node=$($bob nodeid)
+    channel=$($alice open_channel $bob_node 0.15 --password='')
+    chan_funding_txid=$(echo "$channel" | cut -d ":" -f 1)
+    chan_funding_outidx=$(echo "$channel" | cut -d ":" -f 2)
+    new_blocks 3
+    wait_until_channel_open alice
+    # Alice sends an HTLC to Bob, which Bob will hold indefinitely. Alice's lnpay will time out.
+    invoice1=$($bob add_hold_invoice deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbee1 \
+                    --amount 0.0004 --min_final_cltv_expiry_delta 300 | jq -r ".invoice")
+    invoice2=$($bob add_hold_invoice deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbee2 \
+                    --amount 0.04 --min_final_cltv_expiry_delta 300 | jq -r ".invoice")
+    set +e
+    $alice lnpay $invoice1 --timeout 3
+    $alice lnpay $invoice2 --timeout 3
+    set -e
+    # After a while, Alice gets impatient and gets Bob to close the channel.
+    new_blocks 20
+    $alice request_force_close $channel
+    wait_until_spent $chan_funding_txid $chan_funding_outidx
+    $bob stop  # bob closes and then disappears. FIXME this is a hack to prevent Bob claiming the fake-hold-invoice-htlc onchain
+    new_blocks 1
+    wait_until_channel_closed alice
+    ctx_id=$($alice list_channels | jq -r ".[0].closing_txid")
+    if [ $TEST_ANCHOR_CHANNELS = True ] ; then
+        htlc_output_index1=2
+        htlc_output_index2=3
+        to_alice_index=4  # Bob's to_remote
+        wait_until_spent $ctx_id $to_alice_index
+    else
+        htlc_output_index1=0
+        htlc_output_index2=1
+        to_alice_index=2
+    fi
+    new_blocks 1
+    assert_utxo_exists $ctx_id $htlc_output_index1
+    assert_utxo_exists $ctx_id $htlc_output_index2
+    # fee levels rise. now small htlc is ~dust
+    $alice test_inject_fee_etas "{2:300000}"
+    new_blocks 300  # this goes past the CLTV of the HTLC-output in ctx
+    wait_until_spent $ctx_id $htlc_output_index2
+    assert_utxo_exists $ctx_id $htlc_output_index1
+    new_blocks 24  # note: >20 blocks depth is considered "DEEP" by lnwatcher
+    sleep 1  # give time for Alice to make mistakes, such as abandoning the channel. which it should NOT do.
+    new_blocks 1
+    # Alice goes offline and comes back later, 1
+    $alice stop
+    $alice daemon -d
+    $alice test_inject_fee_etas "{2:300000}"
+    $alice load_wallet
+    $alice wait_for_sync
+    new_blocks 1
+    sleep 1  # give time for Alice to make mistakes
+    # Alice goes offline and comes back later, 2
+    $alice stop
+    $alice daemon -d
+    $alice test_inject_fee_etas "{2:300000}"
+    $alice load_wallet
+    $alice wait_for_sync
+    new_blocks 1
+    sleep 1  # give time for Alice to make mistakes
+    # fee levels go down. time to claim the small htlc
+    $alice test_inject_fee_etas "{2:1000}"
+    new_blocks 1
+    wait_until_spent $ctx_id $htlc_output_index1
+    new_blocks 1
+    wait_for_balance alice 0.9995
+fi
+
+
 if [[ $1 == "extract_preimage" ]]; then
     # Alice sends htlc1 to Bob.  Bob sends htlc2 to Alice.
     # Neither one of them settles, they hold the htlcs, and Bob force-closes.