Enable 0conf and 0reserve on channels with trusted peers

Cargo.toml

@@ -39,17 +39,17 @@ default = []
 #lightning-liquidity = { version = "0.2.0", features = ["std"] }
 #lightning-macros = { version = "0.2.0" }
 
-lightning = { git = "https://github.com/lightningdevkit/rust-lightning", rev = "dcf0c203e166da2348bef12b2e5eff4a250cdec7", features = ["std"] }
-lightning-types = { git = "https://github.com/lightningdevkit/rust-lightning", rev = "dcf0c203e166da2348bef12b2e5eff4a250cdec7" }
-lightning-invoice = { git = "https://github.com/lightningdevkit/rust-lightning", rev = "dcf0c203e166da2348bef12b2e5eff4a250cdec7", features = ["std"] }
-lightning-net-tokio = { git = "https://github.com/lightningdevkit/rust-lightning", rev = "dcf0c203e166da2348bef12b2e5eff4a250cdec7" }
-lightning-persister = { git = "https://github.com/lightningdevkit/rust-lightning", rev = "dcf0c203e166da2348bef12b2e5eff4a250cdec7", features = ["tokio"] }
-lightning-background-processor = { git = "https://github.com/lightningdevkit/rust-lightning", rev = "dcf0c203e166da2348bef12b2e5eff4a250cdec7" }
-lightning-rapid-gossip-sync = { git = "https://github.com/lightningdevkit/rust-lightning", rev = "dcf0c203e166da2348bef12b2e5eff4a250cdec7" }
-lightning-block-sync = { git = "https://github.com/lightningdevkit/rust-lightning", rev = "dcf0c203e166da2348bef12b2e5eff4a250cdec7", features = ["rest-client", "rpc-client", "tokio"] }
-lightning-transaction-sync = { git = "https://github.com/lightningdevkit/rust-lightning", rev = "dcf0c203e166da2348bef12b2e5eff4a250cdec7", features = ["esplora-async-https", "time", "electrum-rustls-ring"] }
-lightning-liquidity = { git = "https://github.com/lightningdevkit/rust-lightning", rev = "dcf0c203e166da2348bef12b2e5eff4a250cdec7", features = ["std"] }
-lightning-macros = { git = "https://github.com/lightningdevkit/rust-lightning", rev = "dcf0c203e166da2348bef12b2e5eff4a250cdec7" }
+lightning = { git = "https://github.com/lightningdevkit/rust-lightning", rev = "688544da72cb348e4405d39a75e4d81102c1278a", features = ["std"] }
+lightning-types = { git = "https://github.com/lightningdevkit/rust-lightning", rev = "688544da72cb348e4405d39a75e4d81102c1278a" }
+lightning-invoice = { git = "https://github.com/lightningdevkit/rust-lightning", rev = "688544da72cb348e4405d39a75e4d81102c1278a", features = ["std"] }
+lightning-net-tokio = { git = "https://github.com/lightningdevkit/rust-lightning", rev = "688544da72cb348e4405d39a75e4d81102c1278a" }
+lightning-persister = { git = "https://github.com/lightningdevkit/rust-lightning", rev = "688544da72cb348e4405d39a75e4d81102c1278a", features = ["tokio"] }
+lightning-background-processor = { git = "https://github.com/lightningdevkit/rust-lightning", rev = "688544da72cb348e4405d39a75e4d81102c1278a" }
+lightning-rapid-gossip-sync = { git = "https://github.com/lightningdevkit/rust-lightning", rev = "688544da72cb348e4405d39a75e4d81102c1278a" }
+lightning-block-sync = { git = "https://github.com/lightningdevkit/rust-lightning", rev = "688544da72cb348e4405d39a75e4d81102c1278a", features = ["rest-client", "rpc-client", "tokio"] }
+lightning-transaction-sync = { git = "https://github.com/lightningdevkit/rust-lightning", rev = "688544da72cb348e4405d39a75e4d81102c1278a", features = ["esplora-async-https", "time", "electrum-rustls-ring"] }
+lightning-liquidity = { git = "https://github.com/lightningdevkit/rust-lightning", rev = "688544da72cb348e4405d39a75e4d81102c1278a", features = ["std"] }
+lightning-macros = { git = "https://github.com/lightningdevkit/rust-lightning", rev = "688544da72cb348e4405d39a75e4d81102c1278a" }
 
 bdk_chain = { version = "0.23.0", default-features = false, features = ["std"] }
 bdk_esplora = { version = "0.22.0", default-features = false, features = ["async-https-rustls", "tokio"]}
@@ -79,13 +79,13 @@ async-trait = { version = "0.1", default-features = false }
 vss-client = { package = "vss-client-ng", version = "0.5" }
 prost = { version = "0.11.6", default-features = false}
 #bitcoin-payment-instructions = { version = "0.6" }
-bitcoin-payment-instructions = { git = "https://github.com/joostjager/bitcoin-payment-instructions", branch = "ldk-dcf0c203e166da2348bef12b2e5eff4a250cdec7" }
+bitcoin-payment-instructions = { git = "https://github.com/tankyleo/bitcoin-payment-instructions", rev = "654c25c2c1234fadf01adec1554497610f554f09" }
 
 [target.'cfg(windows)'.dependencies]
 winapi = { version = "0.3", features = ["winbase"] }
 
 [dev-dependencies]
-lightning = { git = "https://github.com/lightningdevkit/rust-lightning", rev = "dcf0c203e166da2348bef12b2e5eff4a250cdec7", features = ["std", "_test_utils"] }
+lightning = { git = "https://github.com/lightningdevkit/rust-lightning", rev = "688544da72cb348e4405d39a75e4d81102c1278a", features = ["std", "_test_utils"] }
 rand = { version = "0.9.2", default-features = false, features = ["std", "thread_rng", "os_rng"] }
 proptest = "1.0.0"
 regex = "1.5.6"

src/builder.rs

@@ -435,16 +435,16 @@ impl NodeBuilder {
 	/// Configures the [`Node`] instance to source inbound liquidity from the given
 	/// [bLIP-51 / LSPS1] service.
 	///
-	/// Will mark the LSP as trusted for 0-confirmation channels, see [`Config::trusted_peers_0conf`].
+	/// Will mark the LSP as trusted for 0-confirmation, 0-reserve channels, see [`Config::trusted_peers_0conf_0reserve`].
 	///
 	/// The given `token` will be used by the LSP to authenticate the user.
 	///
 	/// [bLIP-51 / LSPS1]: https://github.com/lightning/blips/blob/master/blip-0051.md
 	pub fn set_liquidity_source_lsps1(
 		&mut self, node_id: PublicKey, address: SocketAddress, token: Option<String>,
 	) -> &mut Self {
-		// Mark the LSP as trusted for 0conf
-		self.config.trusted_peers_0conf.push(node_id.clone());
+		// Mark the LSP as trusted for 0conf, 0reserve
+		self.config.trusted_peers_0conf_0reserve.push(node_id.clone());
 
 		let liquidity_source_config =
 			self.liquidity_source_config.get_or_insert(LiquiditySourceConfig::default());
@@ -456,16 +456,16 @@ impl NodeBuilder {
 	/// Configures the [`Node`] instance to source just-in-time inbound liquidity from the given
 	/// [bLIP-52 / LSPS2] service.
 	///
-	/// Will mark the LSP as trusted for 0-confirmation channels, see [`Config::trusted_peers_0conf`].
+	/// Will mark the LSP as trusted for 0-confirmation, 0-reserve channels, see [`Config::trusted_peers_0conf_0reserve`].
 	///
 	/// The given `token` will be used by the LSP to authenticate the user.
 	///
 	/// [bLIP-52 / LSPS2]: https://github.com/lightning/blips/blob/master/blip-0052.md
 	pub fn set_liquidity_source_lsps2(
 		&mut self, node_id: PublicKey, address: SocketAddress, token: Option<String>,
 	) -> &mut Self {
-		// Mark the LSP as trusted for 0conf
-		self.config.trusted_peers_0conf.push(node_id.clone());
+		// Mark the LSP as trusted for 0conf, 0reserve
+		self.config.trusted_peers_0conf_0reserve.push(node_id.clone());
 
 		let liquidity_source_config =
 			self.liquidity_source_config.get_or_insert(LiquiditySourceConfig::default());
@@ -956,7 +956,7 @@ impl ArcedNodeBuilder {
 	/// Configures the [`Node`] instance to source inbound liquidity from the given
 	/// [bLIP-51 / LSPS1] service.
 	///
-	/// Will mark the LSP as trusted for 0-confirmation channels, see [`Config::trusted_peers_0conf`].
+	/// Will mark the LSP as trusted for 0-confirmation, 0-reserve channels, see [`Config::trusted_peers_0conf_0reserve`].
 	///
 	/// The given `token` will be used by the LSP to authenticate the user.
 	///
@@ -970,7 +970,7 @@ impl ArcedNodeBuilder {
 	/// Configures the [`Node`] instance to source just-in-time inbound liquidity from the given
 	/// [bLIP-52 / LSPS2] service.
 	///
-	/// Will mark the LSP as trusted for 0-confirmation channels, see [`Config::trusted_peers_0conf`].
+	/// Will mark the LSP as trusted for 0-confirmation, 0-reserve channels, see [`Config::trusted_peers_0conf_0reserve`].
 	///
 	/// The given `token` will be used by the LSP to authenticate the user.
 	///

src/config.rs

@@ -123,7 +123,7 @@ pub(crate) const LNURL_AUTH_TIMEOUT_SECS: u64 = 15;
 /// | `listening_addresses`                  | None               |
 /// | `announcement_addresses`               | None               |
 /// | `node_alias`                           | None               |
-/// | `trusted_peers_0conf`                  | []                 |
+/// | `trusted_peers_0conf_0reserve`         | []                 |
 /// | `probing_liquidity_limit_multiplier`   | 3                  |
 /// | `anchor_channels_config`               | Some(..)           |
 /// | `route_parameters`                     | None               |
@@ -156,12 +156,18 @@ pub struct Config {
 	/// **Note**: We will only allow opening and accepting public channels if the `node_alias` and the
 	/// `listening_addresses` are set.
 	pub node_alias: Option<NodeAlias>,
-	/// A list of peers that we allow to establish zero confirmation channels to us.
-	///
-	/// **Note:** Allowing payments via zero-confirmation channels is potentially insecure if the
-	/// funding transaction ends up never being confirmed on-chain. Zero-confirmation channels
-	/// should therefore only be accepted from trusted peers.
-	pub trusted_peers_0conf: Vec<PublicKey>,
+	/// A list of peers that we trust; these are peers that you've had some interaction with
+	/// out-of-band before clearing them to be on this list.
+	///
+	/// If a trusted peer opens a channel to us, we will forward their HTLCs before any
+	/// confirmations of the funding transaction (zero-conf), and allow them to spend their
+	/// entire balance (zero-reserve).
+	///
+	/// **Note:** Allowing payments via zero-confirmation channels is insecure if the funding
+	/// transaction never gets confirmed on-chain. Zero-reserve channels allow the peer to try
+	/// to steal your funds with no financial penalty. Zero-confirmation, and zero-reserve
+	/// channels should therefore only be accepted from trusted peers.
+	pub trusted_peers_0conf_0reserve: Vec<PublicKey>,
 	/// The liquidity factor by which we filter the outgoing channels used for sending probes.
 	///
 	/// Channels with available liquidity less than the required amount times this value won't be
@@ -208,7 +214,7 @@ impl Default for Config {
 			network: DEFAULT_NETWORK,
 			listening_addresses: None,
 			announcement_addresses: None,
-			trusted_peers_0conf: Vec::new(),
+			trusted_peers_0conf_0reserve: Vec::new(),
 			probing_liquidity_limit_multiplier: DEFAULT_PROBING_LIQUIDITY_LIMIT_MULTIPLIER,
 			anchor_channels_config: Some(AnchorChannelsConfig::default()),
 			tor_config: None,

src/event.rs

@@ -22,7 +22,7 @@ use lightning::events::{
 	ReplayEvent,
 };
 use lightning::impl_writeable_tlv_based_enum;
-use lightning::ln::channelmanager::PaymentId;
+use lightning::ln::channelmanager::{PaymentId, TrustedChannelFeatures};
 use lightning::ln::types::ChannelId;
 use lightning::routing::gossip::NodeId;
 use lightning::sign::EntropySource;
@@ -1258,7 +1258,6 @@ where
 				let user_channel_id: u128 = u128::from_ne_bytes(
 					self.keys_manager.get_secure_random_bytes()[..16].try_into().unwrap(),
 				);
-				let allow_0conf = self.config.trusted_peers_0conf.contains(&counterparty_node_id);
 				let mut channel_override_config = None;
 				if let Some((lsp_node_id, _)) = self
 					.liquidity_source
@@ -1284,11 +1283,14 @@ where
 						});
 					}
 				}
-				let res = if allow_0conf {
-					self.channel_manager.accept_inbound_channel_from_trusted_peer_0conf(
+				let is_trusted_peer =
+					self.config.trusted_peers_0conf_0reserve.contains(&counterparty_node_id);
+				let res = if is_trusted_peer {
+					self.channel_manager.accept_inbound_channel_from_trusted_peer(
 						&temporary_channel_id,
 						&counterparty_node_id,
 						user_channel_id,
+						TrustedChannelFeatures::ZeroConfZeroReserve,
 						channel_override_config,
 					)
 				} else {
@@ -1305,21 +1307,21 @@ where
 						log_info!(
 							self.logger,
 							"Accepting inbound{}{} channel of {}sats from{} peer {}",
-							if allow_0conf { " 0conf" } else { "" },
+							if is_trusted_peer { " 0conf, 0reserve" } else { "" },
 							if anchor_channel { " Anchor" } else { "" },
 							funding_satoshis,
-							if allow_0conf { " trusted" } else { "" },
+							if is_trusted_peer { " trusted" } else { "" },
 							counterparty_node_id,
 						);
 					},
 					Err(e) => {
 						log_error!(
 							self.logger,
 							"Error while accepting inbound{}{} channel from{} peer {}: {:?}",
-							if allow_0conf { " 0conf" } else { "" },
+							if is_trusted_peer { " 0conf, 0reserve" } else { "" },
 							if anchor_channel { " Anchor" } else { "" },
 							counterparty_node_id,
-							if allow_0conf { " trusted" } else { "" },
+							if is_trusted_peer { " trusted" } else { "" },
 							e,
 						);
 					},

src/lib.rs

@@ -1128,7 +1128,7 @@ impl Node {
 	fn open_channel_inner(
 		&self, node_id: PublicKey, address: SocketAddress, channel_amount_sats: FundingAmount,
 		push_to_counterparty_msat: Option<u64>, channel_config: Option<ChannelConfig>,
-		announce_for_forwarding: bool,
+		announce_for_forwarding: bool, set_0reserve: bool,
 	) -> Result<UserChannelId, Error> {
 		if !*self.is_running.read().unwrap() {
 			return Err(Error::NotRunning);
@@ -1196,25 +1196,46 @@ impl Node {
 			self.keys_manager.get_secure_random_bytes()[..16].try_into().unwrap(),
 		);
 
-		match self.channel_manager.create_channel(
-			peer_info.node_id,
-			channel_amount_sats,
-			push_msat,
-			user_channel_id,
-			None,
-			Some(user_config),
-		) {
+		let result = if set_0reserve {
+			self.channel_manager.create_channel_to_trusted_peer_0reserve(
+				peer_info.node_id,
+				channel_amount_sats,
+				push_msat,
+				user_channel_id,
+				None,
+				Some(user_config),
+			)
+		} else {
+			self.channel_manager.create_channel(
+				peer_info.node_id,
+				channel_amount_sats,
+				push_msat,
+				user_channel_id,
+				None,
+				Some(user_config),
+			)
+		};
+
+		let zero_reserve_string = if set_0reserve { "0reserve " } else { "" };
+
+		match result {
 			Ok(_) => {
 				log_info!(
 					self.logger,
-					"Initiated channel creation with peer {}. ",
+					"Initiated {}channel creation with peer {}. ",
+					zero_reserve_string,
 					peer_info.node_id
 				);
 				self.peer_store.add_peer(peer_info)?;
 				Ok(UserChannelId(user_channel_id))
 			},
 			Err(e) => {
-				log_error!(self.logger, "Failed to initiate channel creation: {:?}", e);
+				log_error!(
+					self.logger,
+					"Failed to initiate {}channel creation: {:?}",
+					zero_reserve_string,
+					e
+				);
 				Err(Error::ChannelCreationFailed)
 			},
 		}
@@ -1290,6 +1311,7 @@ impl Node {
 			push_to_counterparty_msat,
 			channel_config,
 			false,
+			false,
 		)
 	}
 
@@ -1330,6 +1352,7 @@ impl Node {
 			push_to_counterparty_msat,
 			channel_config,
 			true,
+			false,
 		)
 	}
 
@@ -1358,6 +1381,7 @@ impl Node {
 			push_to_counterparty_msat,
 			channel_config,
 			false,
+			false,
 		)
 	}
 
@@ -1395,6 +1419,83 @@ impl Node {
 			push_to_counterparty_msat,
 			channel_config,
 			true,
+			false,
+		)
+	}
+
+	/// Connect to a node and open a new unannounced, zero-reserve channel.
+	///
+	/// Zero-reserve channels allow the channel counterparty to try to steal your funds with
+	/// no financial penalty, so zero-reserve channels should only be opened to parties you
+	/// trust.
+	///
+	/// Note that this only allows *the counterparty* to spend *their* entire balance in the
+	/// the channel; whether *you* are allowed to spend your own full balance is the
+	/// counterparty's decision. See [`Config::trusted_peers_0conf_0reserve`] if the
+	/// counterparty would like to set zero-reserve on your own balance as well.
+	///
+	/// Disconnects and reconnects are handled automatically.
+	///
+	/// If `push_to_counterparty_msat` is set, the given value will be pushed (read: sent) to the
+	/// channel counterparty on channel open. This can be useful to start out with the balance not
+	/// entirely shifted to one side, therefore allowing to receive payments from the getgo.
+	///
+	/// If Anchor channels are enabled, this will ensure the configured
+	/// [`AnchorChannelsConfig::per_channel_reserve_sats`] is available and will be retained before
+	/// opening the channel.
+	///
+	/// Returns a [`UserChannelId`] allowing to locally keep track of the channel.
+	///
+	/// [`Config::trusted_peers_0conf_0reserve`]: crate::config::Config::trusted_peers_0conf_0reserve
+	/// [`AnchorChannelsConfig::per_channel_reserve_sats`]: crate::config::AnchorChannelsConfig::per_channel_reserve_sats
+	pub fn open_0reserve_channel(
+		&self, node_id: PublicKey, address: SocketAddress, channel_amount_sats: u64,
+		push_to_counterparty_msat: Option<u64>, channel_config: Option<ChannelConfig>,
+	) -> Result<UserChannelId, Error> {
+		self.open_channel_inner(
+			node_id,
+			address,
+			FundingAmount::Exact { amount_sats: channel_amount_sats },
+			push_to_counterparty_msat,
+			channel_config,
+			false,
+			true,
+		)
+	}
+
+	/// Connect to a node and open a new unannounced, zero-reserve channel, using all available
+	/// on-chain funds minus fees and anchor reserves.
+	///
+	/// Zero-reserve channels allow the channel counterparty to try to steal your funds with
+	/// no financial penalty, so zero-reserve channels should only be opened to parties you
+	/// trust.
+	///
+	/// Note that this only allows *the counterparty* to spend *their* entire balance in the
+	/// the channel; whether *you* are allowed to spend your own full balance is the
+	/// counterparty's decision. See [`Config::trusted_peers_0conf_0reserve`] if the
+	/// counterparty would like to set zero-reserve on your own balance as well.
+	///
+	/// Disconnects and reconnects are handled automatically.
+	///
+	/// If `push_to_counterparty_msat` is set, the given value will be pushed (read: sent) to the
+	/// channel counterparty on channel open. This can be useful to start out with the balance not
+	/// entirely shifted to one side, therefore allowing to receive payments from the getgo.
+	///
+	/// Returns a [`UserChannelId`] allowing to locally keep track of the channel.
+	///
+	/// [`Config::trusted_peers_0conf_0reserve`]: crate::config::Config::trusted_peers_0conf_0reserve
+	pub fn open_0reserve_channel_with_all(
+		&self, node_id: PublicKey, address: SocketAddress, push_to_counterparty_msat: Option<u64>,
+		channel_config: Option<ChannelConfig>,
+	) -> Result<UserChannelId, Error> {
+		self.open_channel_inner(
+			node_id,
+			address,
+			FundingAmount::Max,
+			push_to_counterparty_msat,
+			channel_config,
+			false,
+			true,
 		)
 	}