Allow either node to send tx_init_rbf in v2 establishment#1236
Allow either node to send tx_init_rbf in v2 establishment#1236t-bast merged 2 commits intolightning:masterfrom
tx_init_rbf in v2 establishment#1236Conversation
t-bast
left a comment
There was a problem hiding this comment.
I have prototyped this in ACINQ/eclair#3021 and I don't see any reason to disallow it.
Splicing allows either node to send `tx_init_rbf` as they may want to take the opportunity to contribute or withdraw additional funds to / from the channel. Allow the same for v2 channel establishment for consistency.
7feaee0 to
966e550
Compare
|
Squashed the fixups. @vincenzopalazzo Anyone else from CLN need to chime in on this? |
|
I haven't tested it but this should work fine in CLN. We essentially treat RBF as just a |
|
@ddustin be careful, it must NOT be treated as |
|
@ddustin I tested against |
| The sender of `tx_init_rbf`: | ||
| - MUST be the *initiator* | ||
| - MAY be either the *initiator* or the *accepter* | ||
| - If the sender is the accepter, it becomes the initiator of the `interactive-tx` session and thus: |
There was a problem hiding this comment.
Hello! Looking at updating CLN to accommodate this, and ran into a question which seems obvious but wanted to confirm.
I'm taking this to mean that the serial_ids and all other role-related indicators are swapped for the entirety of the tx construction phase?
Work in progress to allow acceptor to initiate an RBF Mostly works, except that the original funder isn't setup to re-add their original funds to the channel, so the init fails because it's missing any overlapping inputs. lightning/bolts#1236
|
Is it an implementation detail to have the OG opening peer re-adding their original inputs to the transaction or is that something we should specify? |
I'd say it's an implementation detail. They could choose to not add them / take the opportunity to use entirely different inputs / amounts. |
Oh, and since they are no longer the initiator, they wouldn't be paying for the common fields nor the funding output. So they may decide to choose different UTXOs to spend as their fee responsibility may decrease. |
|
One issue we ran into on CLN is that without a common input with the
previous tx, the RBF attempt fails (our checks don’t allow a second tx for
a channel to be signed).
For splicing, you’re guaranteed to have at least the prev channel outpoint
in the tx, but for a new channel there’s not an obvious common outpoint.
…On Tue, Oct 21, 2025 at 17:27 Jeffrey Czyz ***@***.***> wrote:
*jkczyz* left a comment (lightning/bolts#1236)
<#1236 (comment)>
I'd say it's an implementation detail. They could choose to not add them /
take the opportunity to use entirely different inputs / amounts.
Oh, and since they are no longer the initiator, they wouldn't be paying
for the common fields nor the funding output. So they may decide to choose
different UTXOs to spend as their fee responsibility may decrease.
—
Reply to this email directly, view it on GitHub
<#1236 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAIMAKNI4BAHA5EUGUU5MI33Y2XNTAVCNFSM6AAAAABYWRXSNOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTIMRZG44TGMJWGY>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
Agreed, we want to ensure that there is a common input with the previous versions of the transaction, otherwise they don't double-spend each other and we can in theory end up with two confirmed funding transactions for the same channel! But as long as the initiator of the RBF ensures that they double-spend themselves, it's fine? Note that if you didn't have any input in the previous interactive-txs, then you have no reason to initiate RBF, you don't have any balance in that channel. If you do initiate RBF anyway, you then indeed need to check that your peer re-adds an input so that this new interactive-tx double-spends all previous attempts. |
|
Had a quick chat with @rustyrussell about this and he suggested we add a simple rule: For any RBF attempt (independent of who's initiated it) the node must include at least one of their inputs from the previous transaction. This would allow for anyone to initiate an RBF (independent of what they've previously contributed) and also guarantee that there's never an issue with forgetting to include overlapping inputs with the prior version of the transaction. |
Work in progress to allow acceptor to initiate an RBF Mostly works, except that the original funder isn't setup to re-add their original funds to the channel, so the init fails because it's missing any overlapping inputs. lightning/bolts#1236
I thought this was already in the spec, but I cannot find it. This is already a requirement today, even when the initiator is the only one allowed to RBF, so this should have been specified in the dual funding PR. @jkczyz can you add that requirement in the We should also add a requirement in the Does that match what is already implemented in |
Should we include the requirement for the sender of For v2 establishment, if the RBF initiator did not contribute to previous attempts, couldn't the other party refuse to add one of their previous inputs? I guess they wouldn't have an incentive to -- if they're the original initiator then they wanted to open the channel -- but an implementation may (inadvertently) choose a different UTXO because fee responsibilities would have changed now that they need to pay for less. Similarly for any subsequent RBF attempts. It may be too strict a requirement, though, when both parties have contributed to a previous attempt. Just trying to think if there's a way to state the requirement to avoid a scenario where we can't RBF again because one party isn't aware they need to contribute a specific input. Also, presumably, you will update the splicing PR to elide the new
Hmmm.. There are two sections named "The
LDK hasn't implemented RBF yet. |
Yes, good point!
Note that the RBF initiator actually has to contribute funds, because they must pay for the fees of the common transaction fields and the channel output, which is impossible to do if they don't add any input to the transaction. There are indeed weird games that nodes can play if they don't have an incentive to accept the RBF attempt (but in most cases they do, the other side will be the one paying more fees since the RBF initiator pays fees for the common transaction fields). Anyway, I don't think it matters that much: any games that nodes play during RBF will be caught by the
I think that the implementation should prevent that: if you're paying less fees, you should re-use the same UTXO(s) but increase your change output (or add one if there wasn't any before).
Good point as well, we can remove this requirement entirely for the splicing case since the previous channel output ensures the double-spending condition.
Right, I missed it because it's not in the table of contents, but it does state what we want! I was surprised it wasn't already present, it's a good thing that it actually is here (and it makes sense to have in the "Channel Establishment v2" section, since splicing won't need this check). |
Updated last commit accordingly. |
|
ACK 90ae275 |
| - If it contributed to previous transactions: | ||
| - MUST send `tx_add_input` with at least one input that it used in previous | ||
| transaction construction attempts, to ensure that the new transaction | ||
| double-spends all other attempts. |
There was a problem hiding this comment.
This is phrased in an ambiguous way.
I guess what is meant is:
MUST send
tx_add_inputwith at least one input from each previous transaction construction attempt
For example, if
- the original tx1 attempt has inputs A and B,
- and then replacement tx2 has inputs B and C,
- then replacement tx3 should not use inputs C and D,
as tx1 and tx3 would not conflict. tx3 satisfies one interpretation of the current text: it shares at least one input it used in a previous attempt (C was used in tx2).
However as the rationale is clearly stated ("to ensure that the new transaction double-spends all other attempts."), perhaps this is a non-issue.
I guess the simplest implementation is to always re-add all previous inputs, which side-steps most of the complexity.
There was a problem hiding this comment.
I see how that can be misinterpreted indeed! But thankfully to ensure that the new transaction double-spends all other attempts clears it up I believe? I don't think it's a good idea to require reusing all previous inputs, this is limiting for no good reason.
For example, if:
- the original tx1 has inputs A and B
- to increase the feerate, the replacement tx2 has inputs B and C where C is larger than A
This is more efficient (smaller tx) than having to keep input A and add yet another input?
There was a problem hiding this comment.
I don't think it's a good idea to require reusing all previous inputs, this is limiting for no good reason.
Right, I did not mean requiring that, just remarked that is one way to write a simple and safe implementation. (e.g. that's how user-facing RBF works in Electrum. As the user might have the same seed on both a laptop and a phone at the same time, and might do bumpfee on a random tx first on one machine and then on another machine, any given machine might be missing information about some previous tx variants, so the only safe way of changing the input set is by never removing inputs. Otherwise we would have to sync previous tx replacements between machines via nostr or something :D In the case of LN, it seems unlikely multiple machines try to RBF the funding tx, so that specific concern does not apply.)
What I meant is that it might be worth it to rephrase that text (without changing its intent):
- If it contributed to previous transactions:
- MUST ensure that the new transaction double-spends all other attempts,
for example by sending `tx_add_input` with at least one input
from each previous transaction construction attempt.
There was a problem hiding this comment.
Sounds good, feel free to open a clarifying PR!
Splicing allows either node to send
tx_init_rbfas they may want to take the opportunity to contribute or withdraw additional funds to / from the channel. Allow the same for v2 channel establishment for consistency.