Rework XxxCommitPublished types (#1728)

Re-work the `CommitPublished` types to work better with anchor outputs.
We previously stored the txs spending utxos that we could claim: this
doesn't make sense anymore if these txs may be RBF-ed, because the final
tx will be different from the initial one.

We instead track what `OutPoint`s we can claim, and the information
necessary to claim them. This way we can in the future let a different
actor finalize the txs that spend these outpoints (set the fees and sign).

We also add information on mutual close txs to immediately identify our
output and its amount: this makes auditing how much sats we'll get back
very easy from the API when we have many channels to watch.

This commit contains a DB migration of the channel data types, but in a
backwards-compatible way: we can still read from old data. The only
scenario impacted is channels that started force-closing before the migration.
They need special care to handle the fact that they had less data than
migrated channels, which is why we keep some legacy code around.

Author: t-bast

eclair-core/src/main/scala/fr/acinq/eclair/blockchain/bitcoind/ZmqWatcher.scala

@@ -504,7 +504,7 @@ object ZmqWatcher {
    * We need this because fundrawtransaction doesn't allow us to leave non-wallet inputs, so we have to add them
    * afterwards which may bring the resulting feerate below our target.
    */
-  def adjustAnchorOutputChange(unsignedTx: Transactions.ClaimAnchorOutputTx, commitTx: Transaction, amountIn: Satoshi, currentFeerate: FeeratePerKw, targetFeerate: FeeratePerKw, dustLimit: Satoshi): Transactions.ClaimAnchorOutputTx = {
+  def adjustAnchorOutputChange(unsignedTx: Transactions.ClaimLocalAnchorOutputTx, commitTx: Transaction, amountIn: Satoshi, currentFeerate: FeeratePerKw, targetFeerate: FeeratePerKw, dustLimit: Satoshi): Transactions.ClaimLocalAnchorOutputTx = {
     require(unsignedTx.tx.txOut.size == 1, "funded transaction should have a single change output")
     // We take into account witness weight and adjust the fee to match our desired feerate.
     val dummySignedClaimAnchorTx = Transactions.addSigs(unsignedTx, Transactions.PlaceHolderSig)

eclair-core/src/main/scala/fr/acinq/eclair/channel/Channel.scala

@@ -24,7 +24,7 @@ import fr.acinq.eclair.blockchain.fee.FeeratePerKw
 import fr.acinq.eclair.payment.OutgoingPacket.Upstream
 import fr.acinq.eclair.router.Announcements
 import fr.acinq.eclair.transactions.CommitmentSpec
-import fr.acinq.eclair.transactions.Transactions.{AnchorOutputsCommitmentFormat, CommitTx, CommitmentFormat, DefaultCommitmentFormat}
+import fr.acinq.eclair.transactions.Transactions._
 import fr.acinq.eclair.wire.{AcceptChannel, ChannelAnnouncement, ChannelReestablish, ChannelUpdate, ClosingSigned, FailureMessage, FundingCreated, FundingLocked, FundingSigned, Init, OnionRoutingPacket, OpenChannel, Shutdown, UpdateAddHtlc, UpdateFailHtlc, UpdateFailMalformedHtlc, UpdateFulfillHtlc}
 import fr.acinq.eclair.{CltvExpiry, CltvExpiryDelta, Features, MilliSatoshi, ShortChannelId, UInt64}
 import scodec.bits.{BitVector, ByteVector}
@@ -268,27 +268,111 @@ sealed trait HasCommitments extends Data {
   def commitments: Commitments
 }
 
-case class ClosingTxProposed(unsignedTx: Transaction, localClosingSigned: ClosingSigned)
+case class ClosingTxProposed(unsignedTx: ClosingTx, localClosingSigned: ClosingSigned)
+
+sealed trait CommitPublished {
+  /** Commitment tx. */
+  def commitTx: Transaction
+  /** Map of relevant outpoints that have been spent and the confirmed transaction that spends them. */
+  def irrevocablySpent: Map[OutPoint, Transaction]
 
-case class LocalCommitPublished(commitTx: Transaction, claimMainDelayedOutputTx: Option[Transaction], htlcSuccessTxs: List[Transaction], htlcTimeoutTxs: List[Transaction], claimHtlcDelayedTxs: List[Transaction], irrevocablySpent: Map[OutPoint, ByteVector32]) {
   def isConfirmed: Boolean = {
     // NB: if multiple transactions end up in the same block, the first confirmation we receive may not be the commit tx.
     // However if the confirmed tx spends from the commit tx, we know that the commit tx is already confirmed and we know
     // the type of closing.
-    val confirmedTxs = irrevocablySpent.values.toSet
-    (commitTx :: claimMainDelayedOutputTx.toList ::: htlcSuccessTxs ::: htlcTimeoutTxs ::: claimHtlcDelayedTxs).exists(tx => confirmedTxs.contains(tx.txid))
+    irrevocablySpent.values.exists(tx => tx.txid == commitTx.txid) || irrevocablySpent.keys.exists(_.txid == commitTx.txid)
   }
 }
-case class RemoteCommitPublished(commitTx: Transaction, claimMainOutputTx: Option[Transaction], claimHtlcSuccessTxs: List[Transaction], claimHtlcTimeoutTxs: List[Transaction], irrevocablySpent: Map[OutPoint, ByteVector32]) {
-  def isConfirmed: Boolean = {
-    // NB: if multiple transactions end up in the same block, the first confirmation we receive may not be the commit tx.
-    // However if the confirmed tx spends from the commit tx, we know that the commit tx is already confirmed and we know
-    // the type of closing.
-    val confirmedTxs = irrevocablySpent.values.toSet
-    (commitTx :: claimMainOutputTx.toList ::: claimHtlcSuccessTxs ::: claimHtlcTimeoutTxs).exists(tx => confirmedTxs.contains(tx.txid))
+
+/**
+ * Details about a force-close where we published our commitment.
+ *
+ * @param claimMainDelayedOutputTx tx claiming our main output (if we have one).
+ * @param htlcTxs                  txs claiming HTLCs. There will be one entry for each pending HTLC. The value will be
+ *                                 None only for incoming HTLCs for which we don't have the preimage (we can't claim them yet).
+ * @param claimHtlcDelayedTxs      3rd-stage txs (spending the output of HTLC txs).
+ * @param claimAnchorTxs           txs spending anchor outputs to bump the feerate of the commitment tx (if applicable).
+ */
+case class LocalCommitPublished(commitTx: Transaction, claimMainDelayedOutputTx: Option[ClaimLocalDelayedOutputTx], htlcTxs: Map[OutPoint, Option[HtlcTx]], claimHtlcDelayedTxs: List[ClaimLocalDelayedOutputTx], claimAnchorTxs: List[ClaimAnchorOutputTx], irrevocablySpent: Map[OutPoint, Transaction]) extends CommitPublished {
+  /**
+   * A local commit is considered done when:
+   * - all commitment tx outputs that we can spend have been spent and confirmed (even if the spending tx was not ours)
+   * - all 3rd stage txs (txs spending htlc txs) have been confirmed
+   */
+  def isDone: Boolean = {
+    val confirmedTxs = irrevocablySpent.values.map(_.txid).toSet
+    // is the commitment tx confirmed (we need to check this because we may not have any outputs)?
+    val isCommitTxConfirmed = confirmedTxs.contains(commitTx.txid)
+    // is our main output confirmed (if we have one)?
+    val isMainOutputConfirmed = claimMainDelayedOutputTx.forall(tx => irrevocablySpent.contains(tx.input.outPoint))
+    // are all htlc outputs from the commitment tx spent (we need to check them all because we may receive preimages later)?
+    val allHtlcsSpent = (htlcTxs.keySet -- irrevocablySpent.keys).isEmpty
+    // are all outputs from htlc txs spent?
+    val unconfirmedHtlcDelayedTxs = claimHtlcDelayedTxs.map(_.input.outPoint)
+      // only the txs which parents are already confirmed may get confirmed (note that this eliminates outputs that have been double-spent by a competing tx)
+      .filter(input => confirmedTxs.contains(input.txid))
+      // has the tx already been confirmed?
+      .filterNot(input => irrevocablySpent.contains(input))
+    isCommitTxConfirmed && isMainOutputConfirmed && allHtlcsSpent && unconfirmedHtlcDelayedTxs.isEmpty
+  }
+}
+
+/**
+ * Details about a force-close where they published their commitment.
+ *
+ * @param claimMainOutputTx tx claiming our main output (if we have one).
+ * @param claimHtlcTxs      txs claiming HTLCs. There will be one entry for each pending HTLC. The value will be None
+ *                          only for incoming HTLCs for which we don't have the preimage (we can't claim them yet).
+ * @param claimAnchorTxs    txs spending anchor outputs to bump the feerate of the commitment tx (if applicable).
+ */
+case class RemoteCommitPublished(commitTx: Transaction, claimMainOutputTx: Option[ClaimRemoteCommitMainOutputTx], claimHtlcTxs: Map[OutPoint, Option[ClaimHtlcTx]], claimAnchorTxs: List[ClaimAnchorOutputTx], irrevocablySpent: Map[OutPoint, Transaction]) extends CommitPublished {
+  /**
+   * A remote commit is considered done when all commitment tx outputs that we can spend have been spent and confirmed
+   * (even if the spending tx was not ours).
+   */
+  def isDone: Boolean = {
+    val confirmedTxs = irrevocablySpent.values.map(_.txid).toSet
+    // is the commitment tx confirmed (we need to check this because we may not have any outputs)?
+    val isCommitTxConfirmed = confirmedTxs.contains(commitTx.txid)
+    // is our main output confirmed (if we have one)?
+    val isMainOutputConfirmed = claimMainOutputTx.forall(tx => irrevocablySpent.contains(tx.input.outPoint))
+    // are all htlc outputs from the commitment tx spent (we need to check them all because we may receive preimages later)?
+    val allHtlcsSpent = (claimHtlcTxs.keySet -- irrevocablySpent.keys).isEmpty
+    isCommitTxConfirmed && isMainOutputConfirmed && allHtlcsSpent
+  }
+}
+
+/**
+ * Details about a force-close where they published one of their revoked commitments.
+ *
+ * @param claimMainOutputTx          tx claiming our main output (if we have one).
+ * @param mainPenaltyTx              penalty tx claiming their main output (if they have one).
+ * @param htlcPenaltyTxs             penalty txs claiming every HTLC output.
+ * @param claimHtlcDelayedPenaltyTxs penalty txs claiming the output of their HTLC txs (if they managed to get them confirmed before our htlcPenaltyTxs).
+ */
+case class RevokedCommitPublished(commitTx: Transaction, claimMainOutputTx: Option[ClaimRemoteCommitMainOutputTx], mainPenaltyTx: Option[MainPenaltyTx], htlcPenaltyTxs: List[HtlcPenaltyTx], claimHtlcDelayedPenaltyTxs: List[ClaimHtlcDelayedOutputPenaltyTx], irrevocablySpent: Map[OutPoint, Transaction]) extends CommitPublished {
+  /**
+   * A revoked commit is considered done when all commitment tx outputs that we can spend have been spent and confirmed
+   * (even if the spending tx was not ours).
+   */
+  def isDone: Boolean = {
+    val confirmedTxs = irrevocablySpent.values.map(_.txid).toSet
+    // is the commitment tx confirmed (we need to check this because we may not have any outputs)?
+    val isCommitTxConfirmed = confirmedTxs.contains(commitTx.txid)
+    // are there remaining spendable outputs from the commitment tx?
+    val unspentCommitTxOutputs = {
+      val commitOutputsSpendableByUs = (claimMainOutputTx.toSeq ++ mainPenaltyTx.toSeq ++ htlcPenaltyTxs).map(_.input.outPoint)
+      commitOutputsSpendableByUs.toSet -- irrevocablySpent.keys
+    }
+    // are all outputs from htlc txs spent?
+    val unconfirmedHtlcDelayedTxs = claimHtlcDelayedPenaltyTxs.map(_.input.outPoint)
+      // only the txs which parents are already confirmed may get confirmed (note that this eliminates outputs that have been double-spent by a competing tx)
+      .filter(input => confirmedTxs.contains(input.txid))
+      // if one of the tx inputs has been spent, the tx has already been confirmed or a competing tx has been confirmed
+      .filterNot(input => irrevocablySpent.contains(input))
+    isCommitTxConfirmed && unspentCommitTxOutputs.isEmpty && unconfirmedHtlcDelayedTxs.isEmpty
   }
 }
-case class RevokedCommitPublished(commitTx: Transaction, claimMainOutputTx: Option[Transaction], mainPenaltyTx: Option[Transaction], htlcPenaltyTxs: List[Transaction], claimHtlcDelayedPenaltyTxs: List[Transaction], irrevocablySpent: Map[OutPoint, ByteVector32])
 
 final case class DATA_WAIT_FOR_OPEN_CHANNEL(initFundee: INPUT_INIT_FUNDEE) extends Data {
   val channelId: ByteVector32 = initFundee.temporaryChannelId
@@ -352,27 +436,26 @@ final case class DATA_SHUTDOWN(commitments: Commitments,
 final case class DATA_NEGOTIATING(commitments: Commitments,
                                   localShutdown: Shutdown, remoteShutdown: Shutdown,
                                   closingTxProposed: List[List[ClosingTxProposed]], // one list for every negotiation (there can be several in case of disconnection)
-                                  bestUnpublishedClosingTx_opt: Option[Transaction]) extends Data with HasCommitments {
+                                  bestUnpublishedClosingTx_opt: Option[ClosingTx]) extends Data with HasCommitments {
   require(closingTxProposed.nonEmpty, "there must always be a list for the current negotiation")
   require(!commitments.localParams.isFunder || closingTxProposed.forall(_.nonEmpty), "funder must have at least one closing signature for every negotiation attempt because it initiates the closing")
 }
 final case class DATA_CLOSING(commitments: Commitments,
                               fundingTx: Option[Transaction], // this will be non-empty if we are funder and we got in closing while waiting for our own tx to be published
                               waitingSinceBlock: Long, // how long since we initiated the closing
-                              mutualCloseProposed: List[Transaction], // all exchanged closing sigs are flattened, we use this only to keep track of what publishable tx they have
-                              mutualClosePublished: List[Transaction] = Nil,
+                              mutualCloseProposed: List[ClosingTx], // all exchanged closing sigs are flattened, we use this only to keep track of what publishable tx they have
+                              mutualClosePublished: List[ClosingTx] = Nil,
                               localCommitPublished: Option[LocalCommitPublished] = None,
                               remoteCommitPublished: Option[RemoteCommitPublished] = None,
                               nextRemoteCommitPublished: Option[RemoteCommitPublished] = None,
                               futureRemoteCommitPublished: Option[RemoteCommitPublished] = None,
                               revokedCommitPublished: List[RevokedCommitPublished] = Nil) extends Data with HasCommitments {
-  val spendingTxes = mutualClosePublished ::: localCommitPublished.map(_.commitTx).toList ::: remoteCommitPublished.map(_.commitTx).toList ::: nextRemoteCommitPublished.map(_.commitTx).toList ::: futureRemoteCommitPublished.map(_.commitTx).toList ::: revokedCommitPublished.map(_.commitTx)
-  require(spendingTxes.nonEmpty, "there must be at least one tx published in this state")
+  val spendingTxs: List[Transaction] = mutualClosePublished.map(_.tx) ::: localCommitPublished.map(_.commitTx).toList ::: remoteCommitPublished.map(_.commitTx).toList ::: nextRemoteCommitPublished.map(_.commitTx).toList ::: futureRemoteCommitPublished.map(_.commitTx).toList ::: revokedCommitPublished.map(_.commitTx)
+  require(spendingTxs.nonEmpty, "there must be at least one tx published in this state")
 }
 
 final case class DATA_WAIT_FOR_REMOTE_PUBLISH_FUTURE_COMMITMENT(commitments: Commitments, remoteChannelReestablish: ChannelReestablish) extends Data with HasCommitments
 
-
 /**
  * @param features current connection features, or last features used if the channel is disconnected. Note that these
  *                 features are updated at each reconnection and may be different from the ones that were used when the