Skip to content

Accountable HTLCs #3217

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
thomash-acinq merged 5 commits into from
Jan 5, 2026
Merged

Accountable HTLCs #3217

thomash-acinq merged 5 commits into from
Jan 5, 2026
+827 −914

Conversation

@thomash-acinq
Copy link
Member

@thomash-acinq thomash-acinq commented Nov 20, 2025
edited
Loading

Add accountability signal for HTLCs, it replaces endorsement.
See lightning/bolts#1280

@thomash-acinq thomash-acinq force-pushed the accountability branch 4 times, most recently from c44e38f to 7e21640 Compare November 26, 2025 15:57
@thomash-acinq thomash-acinq force-pushed the accountability branch 6 times, most recently from f8160e5 to d807c65 Compare December 2, 2025 10:41
@thomash-acinq
HTLC accountability
1a162d1 
Add accountability signal for HTLCs, it replaces endorsement.
See lightning/bolts#1280
@t-bast
Codecs clean-up and refactoring
5d3e647 
We update codecs to use `case class` instead of `case object`, like we
do for the similar `require_confirmed_inputs` TLV, which lets us use the
helper functions on TLV streams and provide better consistency. We add
documentation to the acountability TLV fields.

We also simplify the trait hierarchy in `PaymentOnion.scala` by removing
unnecessary additions.
@t-bast
Payment flow refactoring and disable jamming protection
f1fd87e 
We refactor the following parts of the payment flow:

- when fetching confidence score, the downstream node is always known,
  we don't need to use an `Option` in `GetConfidence`
- we remove the restrictions that require accountability for on-the-fly
  funding, we don't want to negatively impact wallets yet
- we never fail HTLCs based on accountability / incoming confidence, we
  only log that we would have failed them to collect data, it's way too
  early to actually enforce any of those restrictions
- we reorder the `accountability` parameter in various functions, to
  make it appear before optional, less important parameters (for example
  custom TLVs)
- we revert a bunch of small, unnecessary changes to minimize the diff
  with `master`

We also add documentation and comments to help readers.
@t-bast
Add release notes
9714f01
t-bast
t-bast reviewed Dec 22, 2025
View reviewed changes
Copy link
Member

@t-bast t-bast left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is simpler and less invasive than the previous endorsement mechanism, I like it. Let's get that on master soon to avoid dealing with merge conflicts since a lot of tests are being updated (hopefully for the last time).

I think it's fine to set the accountability bit in the route blinding data even though it isn't in the spec yet, we can still change it on master in a follow-up PR if the final decision is slightly different than what we're doing.

@t-bast t-bast mentioned this pull request Dec 22, 2025
Merged
@t-bast t-bast marked this pull request as ready for review December 22, 2025 10:21
@t-bast
Copy link
Member

t-bast commented Dec 29, 2025

Another reason to get this change included is that we have exceptions in our logs for an array out of bounds access that crashes the reputation recorder. I haven't figured out where it comes from because the code is quite hairy, but it gets simpler after this change so hopefully it's fixed or easier to investigate!

@thomash-acinq thomash-acinq requested a review from t-bast January 5, 2026 09:03
@thomash-acinq
Copy link
Member Author

thomash-acinq commented Jan 5, 2026

I've merged your changes. And added another commit to make sure that we don't set the accountable bit if the HTLC does not support it.

t-bast
t-bast approved these changes Jan 5, 2026
View reviewed changes
Copy link
Member

@t-bast t-bast left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, let's go!

@thomash-acinq thomash-acinq merged commit e3fd186 into master Jan 5, 2026
1 check passed
@t-bast t-bast deleted the accountability branch January 5, 2026 09:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@t-bast t-bast t-bast approved these changes

Assignees

No one assigned

Labels

Optech Make Me Famous!

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@thomash-acinq @t-bast