Mixed mode splicing

Some splicing use cases require to simultaneously splice in and out in
the same splice transaction. Add support for such splices using the
funding inputs to pay the appropriate fees just like the splice-in case,
opposed to using the channel value like the splice-out case. This
requires using the contributed input value when checking if the inputs
are sufficient to cover fees, not the net contributed value. The latter
may be negative in the net splice-out case.

Author: jkczyz

lightning/src/ln/channel.rs

@@ -6497,8 +6497,7 @@ fn get_v2_channel_reserve_satoshis(channel_value_satoshis: u64, dust_limit_satos
 fn check_splice_contribution_sufficient(
 	contribution: &SpliceContribution, is_initiator: bool, funding_feerate: FeeRate,
 ) -> Result<SignedAmount, String> {
-	let contribution_amount = contribution.value();
-	if contribution_amount < SignedAmount::ZERO {
+	if contribution.inputs().is_empty() {
 		let estimated_fee = Amount::from_sat(estimate_v2_funding_transaction_fee(
 			contribution.inputs(),
 			contribution.outputs(),
@@ -6507,20 +6506,26 @@ fn check_splice_contribution_sufficient(
 			funding_feerate.to_sat_per_kwu() as u32,
 		));
 
+		let contribution_amount = contribution.net_value();
 		contribution_amount
 			.checked_sub(
 				estimated_fee.to_signed().expect("fees should never exceed Amount::MAX_MONEY"),
 			)
-			.ok_or(format!("Our {contribution_amount} contribution plus the fee estimate exceeds the total bitcoin supply"))
+			.ok_or(format!(
+				"{} splice-out amount plus {} fee estimate exceeds the total bitcoin supply",
+				contribution_amount.unsigned_abs(),
+				estimated_fee,
+			))
 	} else {
 		check_v2_funding_inputs_sufficient(
-			contribution_amount.to_sat(),
+			contribution.input_value(),
 			contribution.inputs(),
+			contribution.outputs(),
 			is_initiator,
 			true,
 			funding_feerate.to_sat_per_kwu() as u32,
 		)
-		.map(|_| contribution_amount)
+		.map(|_| contribution.net_value())
 	}
 }
 
@@ -6579,16 +6584,16 @@ fn estimate_v2_funding_transaction_fee(
 /// Returns estimated (partial) fees as additional information
 #[rustfmt::skip]
 fn check_v2_funding_inputs_sufficient(
-	contribution_amount: i64, funding_inputs: &[FundingTxInput], is_initiator: bool,
-	is_splice: bool, funding_feerate_sat_per_1000_weight: u32,
-) -> Result<u64, String> {
-	let estimated_fee = estimate_v2_funding_transaction_fee(
-		funding_inputs, &[], is_initiator, is_splice, funding_feerate_sat_per_1000_weight,
-	);
-
-	let mut total_input_sats = 0u64;
+	contributed_input_value: Amount, funding_inputs: &[FundingTxInput], outputs: &[TxOut],
+	is_initiator: bool, is_splice: bool, funding_feerate_sat_per_1000_weight: u32,
+) -> Result<Amount, String> {
+	let estimated_fee = Amount::from_sat(estimate_v2_funding_transaction_fee(
+		funding_inputs, outputs, is_initiator, is_splice, funding_feerate_sat_per_1000_weight,
+	));
+
+	let mut total_input_value = Amount::ZERO;
 	for FundingTxInput { utxo, .. } in funding_inputs.iter() {
-		total_input_sats = total_input_sats.checked_add(utxo.output.value.to_sat())
+		total_input_value = total_input_value.checked_add(utxo.output.value)
 			.ok_or("Sum of input values is greater than the total bitcoin supply")?;
 	}
 
@@ -6603,13 +6608,11 @@ fn check_v2_funding_inputs_sufficient(
 	// TODO(splicing): refine check including the fact wether a change will be added or not.
 	// Can be done once dual funding preparation is included.
 
-	let minimal_input_amount_needed = contribution_amount.checked_add(estimated_fee as i64)
-		.ok_or(format!("Our {contribution_amount} contribution plus the fee estimate exceeds the total bitcoin supply"))?;
-	if i64::try_from(total_input_sats).map_err(|_| "Sum of input values is greater than the total bitcoin supply")?
-		< minimal_input_amount_needed
-	{
+	let minimal_input_amount_needed = contributed_input_value.checked_add(estimated_fee)
+		.ok_or(format!("{contributed_input_value} contribution plus {estimated_fee} fee estimate exceeds the total bitcoin supply"))?;
+	if total_input_value < minimal_input_amount_needed {
 		Err(format!(
-			"Total input amount {total_input_sats} is lower than needed for contribution {contribution_amount}, considering fees of {estimated_fee}. Need more inputs.",
+			"Total input amount {total_input_value} is lower than needed for splice-in contribution {contributed_input_value}, considering fees of {estimated_fee}. Need more inputs.",
 		))
 	} else {
 		Ok(estimated_fee)
@@ -6675,7 +6678,7 @@ impl FundingNegotiationContext {
 		};
 
 		// Optionally add change output
-		let change_value_opt = if self.our_funding_contribution > SignedAmount::ZERO {
+		let change_value_opt = if !self.our_funding_inputs.is_empty() {
 			match calculate_change_output_value(
 				&self,
 				self.shared_funding_input.is_some(),
@@ -11956,7 +11959,7 @@ where
 			});
 		}
 
-		let our_funding_contribution = contribution.value();
+		let our_funding_contribution = contribution.net_value();
 		if our_funding_contribution == SignedAmount::ZERO {
 			return Err(APIError::APIMisuseError {
 				err: format!(
@@ -18254,6 +18257,13 @@ mod tests {
 		FundingTxInput::new_p2wpkh(prevtx, 0).unwrap()
 	}
 
+	fn funding_output_sats(output_value_sats: u64) -> TxOut {
+		TxOut {
+			value: Amount::from_sat(output_value_sats),
+			script_pubkey: ScriptBuf::new_p2wpkh(&WPubkeyHash::all_zeros()),
+		}
+	}
+
 	#[test]
 	#[rustfmt::skip]
 	fn test_check_v2_funding_inputs_sufficient() {
@@ -18264,16 +18274,83 @@ mod tests {
 			let expected_fee = if cfg!(feature = "grind_signatures") { 2278 } else { 2284 };
 			assert_eq!(
 				check_v2_funding_inputs_sufficient(
-					220_000,
+					Amount::from_sat(220_000),
+					&[
+						funding_input_sats(200_000),
+						funding_input_sats(100_000),
+					],
+					&[],
+					true,
+					true,
+					2000,
+				).unwrap(),
+				Amount::from_sat(expected_fee),
+			);
+		}
+
+		// Net splice-in
+		{
+			let expected_fee = if cfg!(feature = "grind_signatures") { 2526 } else { 2532 };
+			assert_eq!(
+				check_v2_funding_inputs_sufficient(
+					Amount::from_sat(220_000),
+					&[
+						funding_input_sats(200_000),
+						funding_input_sats(100_000),
+					],
+					&[
+						funding_output_sats(200_000),
+					],
+					true,
+					true,
+					2000,
+				).unwrap(),
+				Amount::from_sat(expected_fee),
+			);
+		}
+
+		// Net splice-out
+		{
+			let expected_fee = if cfg!(feature = "grind_signatures") { 2526 } else { 2532 };
+			assert_eq!(
+				check_v2_funding_inputs_sufficient(
+					Amount::from_sat(220_000),
 					&[
 						funding_input_sats(200_000),
 						funding_input_sats(100_000),
 					],
+					&[
+						funding_output_sats(400_000),
+					],
 					true,
 					true,
 					2000,
 				).unwrap(),
-				expected_fee,
+				Amount::from_sat(expected_fee),
+			);
+		}
+
+		// Net splice-out, inputs insufficient to cover fees
+		{
+			let expected_fee = if cfg!(feature = "grind_signatures") { 113670 } else { 113940 };
+			assert_eq!(
+				check_v2_funding_inputs_sufficient(
+					Amount::from_sat(220_000),
+					&[
+						funding_input_sats(200_000),
+						funding_input_sats(100_000),
+					],
+					&[
+						funding_output_sats(400_000),
+					],
+					true,
+					true,
+					90000,
+				),
+				Err(format!(
+					"Total input amount 0.00300000 BTC is lower than needed for splice-in contribution 0.00220000 BTC, considering fees of {}. Need more inputs.",
+					Amount::from_sat(expected_fee),
+				)),
 			);
 		}
 
@@ -18282,17 +18359,18 @@ mod tests {
 			let expected_fee = if cfg!(feature = "grind_signatures") { 1736 } else { 1740 };
 			assert_eq!(
 				check_v2_funding_inputs_sufficient(
-					220_000,
+					Amount::from_sat(220_000),
 					&[
 						funding_input_sats(100_000),
 					],
+					&[],
 					true,
 					true,
 					2000,
 				),
 				Err(format!(
-					"Total input amount 100000 is lower than needed for contribution 220000, considering fees of {}. Need more inputs.",
-					expected_fee,
+					"Total input amount 0.00100000 BTC is lower than needed for splice-in contribution 0.00220000 BTC, considering fees of {}. Need more inputs.",
+					Amount::from_sat(expected_fee),
 				)),
 			);
 		}
@@ -18302,16 +18380,17 @@ mod tests {
 			let expected_fee = if cfg!(feature = "grind_signatures") { 2278 } else { 2284 };
 			assert_eq!(
 				check_v2_funding_inputs_sufficient(
-					(300_000 - expected_fee - 20) as i64,
+					Amount::from_sat(300_000 - expected_fee - 20),
 					&[
 						funding_input_sats(200_000),
 						funding_input_sats(100_000),
 					],
+					&[],
 					true,
 					true,
 					2000,
 				).unwrap(),
-				expected_fee,
+				Amount::from_sat(expected_fee),
 			);
 		}
 
@@ -18320,18 +18399,19 @@ mod tests {
 			let expected_fee = if cfg!(feature = "grind_signatures") { 2506 } else { 2513 };
 			assert_eq!(
 				check_v2_funding_inputs_sufficient(
-					298032,
+					Amount::from_sat(298032),
 					&[
 						funding_input_sats(200_000),
 						funding_input_sats(100_000),
 					],
+					&[],
 					true,
 					true,
 					2200,
 				),
 				Err(format!(
-					"Total input amount 300000 is lower than needed for contribution 298032, considering fees of {}. Need more inputs.",
-					expected_fee
+					"Total input amount 0.00300000 BTC is lower than needed for splice-in contribution 0.00298032 BTC, considering fees of {}. Need more inputs.",
+					Amount::from_sat(expected_fee),
 				)),
 			);
 		}
@@ -18341,16 +18421,17 @@ mod tests {
 			let expected_fee = if cfg!(feature = "grind_signatures") { 1084 } else { 1088 };
 			assert_eq!(
 				check_v2_funding_inputs_sufficient(
-					(300_000 - expected_fee - 20) as i64,
+					Amount::from_sat(300_000 - expected_fee - 20),
 					&[
 						funding_input_sats(200_000),
 						funding_input_sats(100_000),
 					],
+					&[],
 					false,
 					false,
 					2000,
 				).unwrap(),
-				expected_fee,
+				Amount::from_sat(expected_fee),
 			);
 		}
 	}

lightning/src/ln/funding.rs

@@ -61,10 +61,40 @@ impl SpliceContribution {
 		Self { value: -value_removed, inputs: vec![], outputs, change_script: None }
 	}
 
-	pub(super) fn value(&self) -> SignedAmount {
+	/// Creates a contribution for when funds are both added to and removed from a channel.
+	///
+	/// Note that `value_added` represents the value added by `inputs` but should not account for
+	/// value removed by `outputs`. The net value contributed can be obtained by calling
+	/// [`SpliceContribution::net_value`].
+	pub fn splice_in_and_out(
+		value_added: Amount, inputs: Vec<FundingTxInput>, outputs: Vec<TxOut>,
+		change_script: Option<ScriptBuf>,
+	) -> Self {
+		let splice_in = Self::splice_in(value_added, inputs, change_script);
+		let splice_out = Self::splice_out(outputs);
+
+		Self {
+			value: splice_in.value + splice_out.value,
+			inputs: splice_in.inputs,
+			outputs: splice_out.outputs,
+			change_script: splice_in.change_script,
+		}
+	}
+
+	/// The net value contributed to a channel by the splice. If negative, more value will be
+	/// spliced out than spliced in.
+	pub fn net_value(&self) -> SignedAmount {
 		self.value
 	}
 
+	pub(super) fn input_value(&self) -> Amount {
+		(self.net_value() + self.output_value().to_signed().expect("")).to_unsigned().expect("")
+	}
+
+	pub(super) fn output_value(&self) -> Amount {
+		self.outputs.iter().map(|txout| txout.value).sum::<Amount>()
+	}
+
 	pub(super) fn inputs(&self) -> &[FundingTxInput] {
 		&self.inputs[..]
 	}

lightning/src/ln/interactivetxs.rs

@@ -2338,9 +2338,6 @@ pub(super) fn calculate_change_output_value(
 	context: &FundingNegotiationContext, is_splice: bool, shared_output_funding_script: &ScriptBuf,
 	change_output_dust_limit: u64,
 ) -> Result<Option<Amount>, AbortReason> {
-	assert!(context.our_funding_contribution > SignedAmount::ZERO);
-	let our_funding_contribution = context.our_funding_contribution.to_unsigned().unwrap();
-
 	let mut total_input_value = Amount::ZERO;
 	let mut our_funding_inputs_weight = 0u64;
 	for FundingTxInput { utxo, .. } in context.our_funding_inputs.iter() {
@@ -2354,6 +2351,7 @@ pub(super) fn calculate_change_output_value(
 	let total_output_value = funding_outputs
 		.iter()
 		.fold(Amount::ZERO, |total, out| total.checked_add(out.value).unwrap_or(Amount::MAX));
+
 	let our_funding_outputs_weight = funding_outputs.iter().fold(0u64, |weight, out| {
 		weight.saturating_add(get_output_weight(&out.script_pubkey).to_wu())
 	});
@@ -2379,18 +2377,21 @@ pub(super) fn calculate_change_output_value(
 
 	let contributed_fees =
 		Amount::from_sat(fee_for_weight(context.funding_feerate_sat_per_1000_weight, weight));
-	let net_total_less_fees = total_input_value
-		.checked_sub(total_output_value)
-		.unwrap_or(Amount::ZERO)
-		.checked_sub(contributed_fees)
-		.unwrap_or(Amount::ZERO);
-	if net_total_less_fees < our_funding_contribution {
+
+	let contributed_input_value =
+		context.our_funding_contribution + total_output_value.to_signed().unwrap();
+	assert!(contributed_input_value > SignedAmount::ZERO);
+	let contributed_input_value = contributed_input_value.unsigned_abs();
+
+	let total_input_value_less_fees =
+		total_input_value.checked_sub(contributed_fees).unwrap_or(Amount::ZERO);
+	if total_input_value_less_fees < contributed_input_value {
 		// Not enough to cover contribution plus fees
 		return Err(AbortReason::InsufficientFees);
 	}
 
-	let remaining_value = net_total_less_fees
-		.checked_sub(our_funding_contribution)
+	let remaining_value = total_input_value_less_fees
+		.checked_sub(contributed_input_value)
 		.expect("remaining_value should not be negative");
 	if remaining_value.to_sat() < change_output_dust_limit {
 		// Enough to cover contribution plus fees, but leftover is below dust limit; no change