Invalid commitment signature

Question

Invalid commitment signature

Closed this issue 7 years ago · 15 comments

Eclair reports an invalid commitment signature following an InvalidOnionVersion report from lnd:

DEBUG:root:lnd: 2017-09-19 18:25:03.690 [ERR] HSWC: unable to decode onion obfuscator: InvalidOnionVersion
DEBUG:root:lnd: 2017-09-19 18:25:03.690 [TRC] PEER: writeMessage to 127.0.0.1:60148: (*lnwire.UpdateFailMalformedHTLC)(0xc420073db0)({
DEBUG:root:lnd:  ChanID: (lnwire.ChannelID) (len=32 cap=32) d89ff9ddd8ad1a3803e701567092c64daa4dbc70ac0f3246aca4f7397e9642c5,
DEBUG:root:lnd:  ID: (uint64) 0,
DEBUG:root:lnd:  ShaOnionBlob: ([32]uint8) (len=32 cap=32) {
DEBUG:root:lnd:   00000000  36 23 e1 23 b9 a4 e6 ac  46 e7 b3 c3 eb 13 d1 6d  |6#.#....F......m|
DEBUG:root:lnd:   00000010  e5 97 6e e0 4a 3d 4b c6  11 3e e3 24 06 df a9 67  |..n.J=K..>.$...g|
DEBUG:root:lnd:  },
DEBUG:root:lnd:  FailureCode: (lnwire.FailCode) InvalidOnionVersion
DEBUG:root:lnd: })
...snip...
DEBUG:root:eclair: 2017-09-19 18:25:03,699 WARN  f.a.eclair.payment.PaymentLifecycle akka://default/user/$h/payment-initiator/$a  - unhandled event UpdateFailMalformedHtlc(d89ff9ddd8ad1a3803e701567092c64daa4dbc70ac0f3246aca4f7397e9642c5,0,3623e123b9a4e6ac46e7b3c3eb13d16de5976ee04a3d4bc6113ee32406dfa967,49156) in state WAITING_FOR_PAYMENT_COMPLETE
DEBUG:root:eclair: 2017-09-19 18:25:03,730 ERROR fr.acinq.eclair.channel.Channel akka://default/user/$g/switchboard/peer-0298ff1d0bde2933f391ef04d1ff5b2cabe4df221b3e3240fe76024e1d1871a80c/$a d89ff9ddd8ad1a3803e701567092c64daa4dbc70ac0f3246aca4f7397e9642c5 - fr.acinq.eclair.channel.InvalidCommitmentSignature: invalid commitment signature
DEBUG:root:eclair: 	at fr.acinq.eclair.channel.Commitments$.receiveCommit(Commitments.scala:366)
DEBUG:root:eclair: 	at fr.acinq.eclair.channel.Channel$$anonfun$12$$anonfun$38.apply(Channel.scala:519)
DEBUG:root:eclair: 	at fr.acinq.eclair.channel.Channel$$anonfun$12$$anonfun$38.apply(Channel.scala:519)
DEBUG:root:eclair: 	at scala.util.Try$.apply(Try.scala:192)
DEBUG:root:eclair: 	at fr.acinq.eclair.channel.Channel$$anonfun$12.applyOrElse(Channel.scala:519)
DEBUG:root:eclair: 	at fr.acinq.eclair.channel.Channel$$anonfun$12.applyOrElse(Channel.scala:409)
DEBUG:root:eclair: 	at scala.runtime.AbstractPartialFunction.apply(AbstractPartialFunction.scala:36)
DEBUG:root:eclair: 	at fr.acinq.eclair.channel.Channel$$anonfun$handleExceptions$1.applyOrElse(Channel.scala:1423)
DEBUG:root:eclair: 	at fr.acinq.eclair.channel.Channel$$anonfun$handleExceptions$1.applyOrElse(Channel.scala:1420)
DEBUG:root:eclair: 	at scala.runtime.AbstractPartialFunction.apply(AbstractPartialFunction.scala:36)
DEBUG:root:eclair: 	at akka.actor.FSM$class.processEvent(FSM.scala:663)
DEBUG:root:eclair: 	at fr.acinq.eclair.channel.Channel.akka$actor$LoggingFSM$$super$processEvent(Channel.scala:32)
DEBUG:root:eclair: 	at akka.actor.LoggingFSM$class.processEvent(FSM.scala:799)
DEBUG:root:eclair: 	at fr.acinq.eclair.channel.Channel.processEvent(Channel.scala:32)
DEBUG:root:eclair: 	at akka.actor.FSM$class.akka$actor$FSM$$processMsg(FSM.scala:657)
DEBUG:root:eclair: 	at akka.actor.FSM$$anonfun$receive$1.applyOrElse(FSM.scala:651)
DEBUG:root:eclair: 	at akka.actor.Actor$class.aroundReceive(Actor.scala:502)
DEBUG:root:eclair: 	at fr.acinq.eclair.channel.Channel.fr$acinq$eclair$FSMDiagnosticActorLogging$$super$aroundReceive(Channel.scala:32)
DEBUG:root:eclair: 	at fr.acinq.eclair.FSMDiagnosticActorLogging$class.aroundReceive(FSMDiagnosticActorLogging.scala:19)
DEBUG:root:eclair: 	at fr.acinq.eclair.channel.Channel.aroundReceive(Channel.scala:32)
DEBUG:root:eclair: 	at akka.actor.ActorCell.receiveMessage(ActorCell.scala:526)
DEBUG:root:eclair: 	at akka.actor.ActorCell.invoke(ActorCell.scala:495)
DEBUG:root:eclair: 	at akka.dispatch.Mailbox.processMailbox(Mailbox.scala:257)
DEBUG:root:eclair: 	at akka.dispatch.Mailbox.run(Mailbox.scala:224)
DEBUG:root:eclair: 
DEBUG:root:eclair: 2017-09-19 18:25:03,744 WARN  f.a.eclair.channel.Helpers$Closing$   - tx generation failure: desc=main-delayed-output reason: requirement failed: output not found
DEBUG:root:eclair: 2017-09-19 18:25:03,747 INFO  f.acinq.eclair.blockchain.ZmqWatcher akka://default/user/$b/watcher  - publishing tx (isRetry=false): txid=fc08cd626206ddc791428bc61090b1cdeaeeb9542cdb4daa1dd254da379fb097 tx=02000000000101d89ff9ddd8ad1a3803e701567092c64daa4dbc70ac0f3246aca4f7397e9642c5000000000027e1ae80015076980000000000220020eb8c1467e8cba27fdfb10230cf6a48dffddc19d4f3784e33164fbbc4f1d74d4f040047304402204b43d571c6d526d8ea4122a9e2fb24712d7188025b59784f10420ef5e18cef9202202197d6c5b2636a54c76ce7ba265c820288c8a86c8fe3a89ef6d44445fe0c7c520148304502210092f5fea60d498d84353549eec42c05ca1ffc62e984499dbb8a6af5ef2fc59b35022006008f81e47d8a416a6ddce30cedc577390273c7ebaa434e059f1b4b658982c601475221034ed389bd02f2ae47704c4e9c78d0069cdda8c284caa8241338622f0aa5eb1a702103baa809e5070a0074f8ee7f87553fd6c570120d553d6995accbd3a15f5491450b52aebd8efc20
DEBUG:root:eclair: 2017-09-19 18:25:03,752 DEBUG fr.acinq.eclair.channel.Channel akka://default/user/$g/switchboard/peer-0298ff1d0bde2933f391ef04d1ff5b2cabe4df221b3e3240fe76024e1d1871a80c/$a d89ff9ddd8ad1a3803e701567092c64daa4dbc70ac0f3246aca4f7397e9642c5 - updating database record for channelId=d89ff9ddd8ad1a3803e701567092c64daa4dbc70ac0f3246aca4f7397e9642c5
DEBUG:root:eclair: 2017-09-19 18:25:03,789 INFO  fr.acinq.eclair.payment.Relayer akka://default/user/$e/relayer  - removing channel d89ff9ddd8ad1a3803e701567092c64daa4dbc70ac0f3246aca4f7397e9642c5 from available channels
DEBUG:root:eclair: 2017-09-19 18:25:03,789 DEBUG fr.acinq.eclair.channel.Channel akka://default/user/$g/switchboard/peer-0298ff1d0bde2933f391ef04d1ff5b2cabe4df221b3e3240fe76024e1d1871a80c/$a d89ff9ddd8ad1a3803e701567092c64daa4dbc70ac0f3246aca4f7397e9642c5 - transition NORMAL -> CLOSING

This is the test_direct_payment test, with eclair opening a channel to lnd and initiating a single transfer. Full logs can be found at https://gist.github.com/anonymous/98854b19f52481670859a5917f923801

Answer 1 · 2017-09-19T16:32:41.000Z

Ping @Roasbeef and @sstone

Answer 2 · 2017-09-19T17:52:22.000Z

Looks to be the case that eclair sends us an HTLC with an onion payload with an invalid version. At that point we fail the HTLC (after it has been fully locked in from our PoV). Everything proceeds as normal (commit-sig + revoke dance) up until that point.

Looks like eclair failed to find an output that was expected?

tx generation failure: desc=main-delayed-output reason: requirement failed: output not found

Answer 3 · 2017-09-19T18:06:25.000Z

Which version byte are you expecting in the sphinx packet ? (We've already changed it to 0 as per lightning/bolts#239, it seems that you're still expecting 1 ?)

Answer 4 · 2017-09-19T18:09:54.000Z

The onion sent by eclair indeed is version 0x00:

DEBUG:root:lnd:  OnionBlob: ([1366]uint8) (len=1366 cap=1366) {
DEBUG:root:lnd:   00000000  00 02 c1 93 8d c1 41 86  7a 40 af d2 d2 0a b1 f3  |......A.z@......|

Any way to identify why lnd failed decoding the onion?

Answer 5 · 2017-09-19T18:10:54.000Z

Ahh, it appears I forgot to push out a commit I had staged during the recent compat dash cdecker and I participated in. Will be pushing out that change shortly!

Answer 6 · 2017-09-19T18:16:45.000Z

Perfect, thanks guys for the quick resolution. @Roasbeef ping me and I'll rerun to confirm before closing the issue ^^

Answer 7 · 2017-09-19T18:32:58.000Z

Pretty sure there is an additional bug here, because following the UpdateFailMalformedHtlc eclair/lnd disagree on the next signature, resulting in eclair doing an unilateral close. Le 19 sept. 2017 8:20 PM, "Olaoluwa Osuntokun" <notifications@github.com> a écrit : Ahh, it appears I forgot to push out a commit I had staged during the recent compat dash cdecker and I participated in. Will be pushing out that change shortly! — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#2 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AB7yvlvskbI3SbwkWxu3z_aThKYIPG3yks5skAOugaJpZM4PcrTc> .

Answer 8 · 2017-09-19T18:40:47.000Z

Well that is to be expected if you disagree on the set of HTLCs that is supposed to be attached to the settlement.

Answer 9 · 2017-09-19T18:59:44.000Z

My first reaction was "Why should they disagree"? But then I realized that the spec allows failing unsigned htlcs. In that case it will always lead to commit sig mismatch and unilateral close. Isn't that a big vulnerability (remote closing of channels)? Or am I just too tired/hungry...

Answer 10 · 2017-09-19T19:07:46.000Z

Failing unsigned HTLC's? That's forbidden. An HTLC cannot be failed until it's full locked in to both commitment transactions (as is now, there's the possibility of "UnAdd").

Answer 11 · 2017-09-19T19:10:08.000Z

You're correct though, eclair still should've accepted the signature. The logs from eclair show:

unhandled event UpdateFailMalformedHtlc(d89ff9ddd8ad1a3803e701567092c64daa4dbc70ac0f3246aca4f7397e9642c5,0,3623e123b9a4e6ac46e7b3c3eb13d16de5976ee04a3d4bc6113ee32406dfa967,49156) in state WAITING_FOR_PAYMENT_COMPLETE

So possibly it didn't process the htlc fail message?

Answer 12 · 2017-09-19T19:12:23.000Z

Well that was my understanding and also how eclair is implemented. But skimming the spec it only says "A node MUST NOT send update_fulfill_htlc until an HTLC is irrevocably committed in both sides' commitment transactions." If we agree that only cross-signed htlcs can be failed I don't see why eclair/lnd would disagree on that next signature then? Le 19 sept. 2017 9:07 PM, "Olaoluwa Osuntokun" <notifications@github.com> a écrit :

…

Failing unsigned HTLC's? That's forbidden. An HTLC cannot be failed until it's full locked in to both commitment transactions (as is now, there's the possibility of "unadd"). — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#2 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AB7yvoj65RJDPvWJzxFuZRHWq-tGKwEIks5skBEDgaJpZM4PcrTc> .

Answer 13 · 2017-09-19T19:49:51.000Z

Found the bug! This one is on eclair's side...

So possibly it didn't process the htlc fail message?

This is actually a separate issue, in the higher level state machine managing the end-to-end payment. At the channel level we were indeed processing the UpdateFailMalformedHtlc, but weren't removing the corresponding htlc when computing the sigs :-/

Answer 14 · 2017-09-22T09:59:26.000Z

The "invalid commitment signature" bug in eclair has been fixed as of commit ACINQ/eclair@8c71b80.

Answer 15 · 2017-09-22T11:31:25.000Z

Thanks guys, the commit sig issue indeed went away 👍