Allow for trusted inbound 0conf channels

Author: tnull

bindings/ldk_node.udl

@@ -7,6 +7,7 @@ dictionary Config {
 	Network network;
 	NetAddress? listening_address;
 	u32 default_cltv_expiry_delta;
+	sequence<PublicKey> peers_trusted_0conf;
 };
 
 interface Builder {

src/event.rs

@@ -231,7 +231,7 @@ where
 	payment_store: Arc<PaymentStore<K, L>>,
 	runtime: Arc<RwLock<Option<tokio::runtime::Runtime>>>,
 	logger: L,
-	_config: Arc<Config>,
+	config: Arc<Config>,
 }
 
 impl<K: KVStore + Sync + Send + 'static, L: Deref> EventHandler<K, L>
@@ -242,7 +242,7 @@ where
 		wallet: Arc<Wallet<bdk::database::SqliteDatabase>>, event_queue: Arc<EventQueue<K, L>>,
 		channel_manager: Arc<ChannelManager<K>>, network_graph: Arc<NetworkGraph>,
 		keys_manager: Arc<KeysManager>, payment_store: Arc<PaymentStore<K, L>>,
-		runtime: Arc<RwLock<Option<tokio::runtime::Runtime>>>, logger: L, _config: Arc<Config>,
+		runtime: Arc<RwLock<Option<tokio::runtime::Runtime>>>, logger: L, config: Arc<Config>,
 	) -> Self {
 		Self {
 			event_queue,
@@ -253,7 +253,7 @@ where
 			payment_store,
 			logger,
 			runtime,
-			_config,
+			config,
 		}
 	}
 
@@ -544,7 +544,52 @@ where
 					}
 				}
 			}
-			LdkEvent::OpenChannelRequest { .. } => {}
+			LdkEvent::OpenChannelRequest {
+				temporary_channel_id,
+				counterparty_node_id,
+				funding_satoshis,
+				channel_type: _,
+				push_msat: _,
+			} => {
+				let user_channel_id: u128 = rand::thread_rng().gen::<u128>();
+				let allow_0conf = self.config.peers_trusted_0conf.contains(&counterparty_node_id);
+				let res = if allow_0conf {
+					self.channel_manager.accept_inbound_channel_from_trusted_peer_0conf(
+						&temporary_channel_id,
+						&counterparty_node_id,
+						user_channel_id,
+					)
+				} else {
+					self.channel_manager.accept_inbound_channel(
+						&temporary_channel_id,
+						&counterparty_node_id,
+						user_channel_id,
+					)
+				};
+
+				match res {
+					Ok(()) => {
+						log_info!(
+							self.logger,
+							"Accepting inbound{} channel of {}sats from{} peer {}",
+							if allow_0conf { " 0conf" } else { "" },
+							funding_satoshis,
+							if allow_0conf { " trusted" } else { "" },
+							counterparty_node_id,
+						);
+					}
+					Err(e) => {
+						log_error!(
+							self.logger,
+							"Error while accepting inbound{} channel from{} peer {}: {:?}",
+							if allow_0conf { " 0conf" } else { "" },
+							counterparty_node_id,
+							if allow_0conf { " trusted" } else { "" },
+							e,
+						);
+					}
+				}
+			}
 			LdkEvent::PaymentForwarded {
 				prev_channel_id,
 				next_channel_id,

src/lib.rs

@@ -194,6 +194,12 @@ pub struct Config {
 	pub listening_address: Option<NetAddress>,
 	/// The default CLTV expiry delta to be used for payments.
 	pub default_cltv_expiry_delta: u32,
+	/// A list of peers which we allow to establish zero confirmation channels to us.
+	///
+	/// **Note:** Allowing payments via zero-confirmation channels is potentially insecure if the
+	/// funding transaction ends up never being confirmed on-chain. Zero-confirmation channels
+	/// should therefore only be accepted from trusted peers.
+	pub peers_trusted_0conf: Vec<PublicKey>,
 }
 
 impl Default for Config {
@@ -204,6 +210,7 @@ impl Default for Config {
 			network: Network::Regtest,
 			listening_address: Some("0.0.0.0:9735".parse().unwrap()),
 			default_cltv_expiry_delta: 144,
+			peers_trusted_0conf: Vec::new(),
 		}
 	}
 }
@@ -481,6 +488,11 @@ impl Builder {
 		// Initialize the ChannelManager
 		let mut user_config = UserConfig::default();
 		user_config.channel_handshake_limits.force_announced_channel_preference = false;
+		if !config.peers_trusted_0conf.is_empty() {
+			// Manually accept inbound channels if we expect 0conf channel requests, avoid
+			// generating the events otherwise.
+			user_config.manually_accept_inbound_channels = true;
+		}
 		let channel_manager = {
 			if let Ok(mut reader) = kv_store
 				.read(CHANNEL_MANAGER_PERSISTENCE_NAMESPACE, CHANNEL_MANAGER_PERSISTENCE_KEY)

src/peer_store.rs

@@ -32,6 +32,10 @@ where
 	pub(crate) fn add_peer(&self, peer_info: PeerInfo) -> Result<(), Error> {
 		let mut locked_peers = self.peers.write().unwrap();
 
+		if locked_peers.contains_key(&peer_info.node_id) {
+			return Ok(());
+		}
+
 		locked_peers.insert(peer_info.node_id, peer_info);
 		self.persist_peers(&*locked_peers)
 	}

src/test/functional_tests.rs

@@ -1,8 +1,13 @@
+use crate::io::KVStore;
 use crate::test::utils::*;
 use crate::test::utils::{expect_event, random_config};
-use crate::{Builder, Error, Event, PaymentDirection, PaymentStatus};
+use crate::{Builder, Error, Event, Node, PaymentDirection, PaymentStatus};
 
 use bitcoin::Amount;
+use electrsd::bitcoind::BitcoinD;
+use electrsd::ElectrsD;
+
+use std::sync::Arc;
 
 #[test]
 fn channel_full_cycle() {
@@ -12,12 +17,39 @@ fn channel_full_cycle() {
 	let config_a = random_config(esplora_url);
 	let node_a = Builder::from_config(config_a).build();
 	node_a.start().unwrap();
-	let addr_a = node_a.new_funding_address().unwrap();
 
 	println!("\n== Node B ==");
 	let config_b = random_config(esplora_url);
 	let node_b = Builder::from_config(config_b).build();
 	node_b.start().unwrap();
+
+	do_channel_full_cycle(node_a, node_b, &bitcoind, &electrsd, false);
+}
+
+#[test]
+fn channel_full_cycle_0conf() {
+	let (bitcoind, electrsd) = setup_bitcoind_and_electrsd();
+	println!("== Node A ==");
+	let esplora_url = electrsd.esplora_url.as_ref().unwrap();
+	let config_a = random_config(esplora_url);
+	let node_a = Builder::from_config(config_a).build();
+	node_a.start().unwrap();
+
+	println!("\n== Node B ==");
+	let mut config_b = random_config(esplora_url);
+	config_b.peers_trusted_0conf.push(node_a.node_id());
+
+	let node_b = Builder::from_config(config_b).build();
+	node_b.start().unwrap();
+
+	do_channel_full_cycle(node_a, node_b, &bitcoind, &electrsd, true)
+}
+
+fn do_channel_full_cycle<K: KVStore + Sync + Send>(
+	node_a: Arc<Node<K>>, node_b: Arc<Node<K>>, bitcoind: &BitcoinD, electrsd: &ElectrsD,
+	allow_0conf: bool,
+) {
+	let addr_a = node_a.new_funding_address().unwrap();
 	let addr_b = node_b.new_funding_address().unwrap();
 
 	let premine_amount_sat = 100_000;
@@ -67,8 +99,11 @@ fn channel_full_cycle() {
 
 	wait_for_tx(&electrsd, funding_txo.txid);
 
-	println!("\n .. generating blocks, syncing wallets .. ");
-	generate_blocks_and_wait(&bitcoind, &electrsd, 6);
+	if !allow_0conf {
+		println!("\n .. generating blocks ..");
+		generate_blocks_and_wait(&bitcoind, &electrsd, 6);
+	}
+
 	node_a.sync_wallets().unwrap();
 	node_b.sync_wallets().unwrap();
 
@@ -254,7 +289,7 @@ fn channel_open_fails_when_funds_insufficient() {
 			node_b.listening_address().unwrap().into(),
 			120000,
 			None,
-			true
+			true,
 		)
 	);
 }