staticaddr: configurable max htlc tx fee

hieblmi · hieblmi · commit 33d8739041fe · 2024-11-05T10:12:00.000+01:00
In this commit we introduce maximum fee percentages
for the static loop-in htlc transactions. Since
the server has the ability to publish htlc transactions
without settling the swap payment we have to restrict
the amount the server allocates for fees of these
transactions.
diff --git a/client.go b/client.go
@@ -135,6 +135,22 @@ type ClientConfig struct {
 	// MaxPaymentRetries is the maximum times we retry an off-chain payment
 	// (used in loop out).
 	MaxPaymentRetries int
+
+	// MaxStaticAddrHtlcFeePercentage is the percentage of the swap amount
+	// that we allow the server to charge for the htlc transaction.
+	// Although highly unlikely, this is a defense against the server
+	// publishing the htlc without paying the swap invoice, forcing us to
+	// sweep the timeout path.
+	MaxStaticAddrHtlcFeePercentage float64
+
+	// MaxStaticAddrHtlcBackupFeePercentage is the percentage of the swap
+	// amount that we allow the server to charge for the htlc backup
+	// transactions. This is a defense against the server publishing the
+	// htlc backup without paying the swap invoice, forcing us to sweep the
+	// timeout path. This value is elevated compared to
+	// MaxStaticAddrHtlcFeePercentage since it serves the server as backup
+	// transaction in case of fee spikes.
+	MaxStaticAddrHtlcBackupFeePercentage float64
 }
 
 // NewClient returns a new instance to initiate swaps with.
diff --git a/loopd/config.go b/loopd/config.go
@@ -42,11 +42,13 @@ var (
 		LoopDirBase, DefaultNetwork, defaultSqliteDatabaseFileName,
 	)
 
-	defaultMaxLogFiles         = 3
-	defaultMaxLogFileSize      = 10
-	defaultLoopOutMaxParts     = uint32(5)
-	defaultTotalPaymentTimeout = time.Minute * 60
-	defaultMaxPaymentRetries   = 3
+	defaultMaxLogFiles                          = 3
+	defaultMaxLogFileSize                       = 10
+	defaultLoopOutMaxParts                      = uint32(5)
+	defaultTotalPaymentTimeout                  = time.Minute * 60
+	defaultMaxPaymentRetries                    = 3
+	defaultMaxStaticAddrHtlcFeePercentage       = 0.2
+	defaultMaxStaticAddrHtlcBackupFeePercentage = 0.5
 
 	// defaultRPCBatchSize is the default batch size to use for RPC calls
 	// we make to LND during migrations. If operations on the LND side are
@@ -183,6 +185,9 @@ type Config struct {
 	TotalPaymentTimeout time.Duration `long:"totalpaymenttimeout" description:"The timeout to use for off-chain payments."`
 	MaxPaymentRetries   int           `long:"maxpaymentretries" description:"The maximum number of times an off-chain payment may be retried."`
 
+	MaxStaticAddrHtlcFeePercentage       float64 `long:"maxstaticaddrhtlcfeepercentage" description:"The maximum fee percentage that the server can charge for the htlc tx."`
+	MaxStaticAddrHtlcBackupFeePercentage float64 `long:"maxstaticaddrhtlcbackupfeepercentage" description:"The maximum fee percentage that the server can charge for the htlc backup tx. The backup transaction is only used in rare cases when the regular htlc tx is not confirmed on time. These backup transactions refer to high fee or extremely high fee transactions in the API."`
+
 	EnableExperimental bool `long:"experimental" description:"Enable experimental features: reservations"`
 
 	MigrationRPCBatchSize int `long:"migrationrpcbatchsize" description:"The RPC batch size to use during migrations."`
@@ -215,21 +220,23 @@ func DefaultConfig() Config {
 		Sqlite: &loopdb.SqliteConfig{
 			DatabaseFileName: defaultSqliteDatabasePath,
 		},
-		LogDir:                defaultLogDir,
-		MaxLogFiles:           defaultMaxLogFiles,
-		MaxLogFileSize:        defaultMaxLogFileSize,
-		DebugLevel:            defaultLogLevel,
-		TLSCertPath:           DefaultTLSCertPath,
-		TLSKeyPath:            DefaultTLSKeyPath,
-		TLSValidity:           DefaultAutogenValidity,
-		MacaroonPath:          DefaultMacaroonPath,
-		MaxL402Cost:           l402.DefaultMaxCostSats,
-		MaxL402Fee:            l402.DefaultMaxRoutingFeeSats,
-		LoopOutMaxParts:       defaultLoopOutMaxParts,
-		TotalPaymentTimeout:   defaultTotalPaymentTimeout,
-		MaxPaymentRetries:     defaultMaxPaymentRetries,
-		EnableExperimental:    false,
-		MigrationRPCBatchSize: defaultRPCBatchSize,
+		LogDir:                               defaultLogDir,
+		MaxLogFiles:                          defaultMaxLogFiles,
+		MaxLogFileSize:                       defaultMaxLogFileSize,
+		DebugLevel:                           defaultLogLevel,
+		TLSCertPath:                          DefaultTLSCertPath,
+		TLSKeyPath:                           DefaultTLSKeyPath,
+		TLSValidity:                          DefaultAutogenValidity,
+		MacaroonPath:                         DefaultMacaroonPath,
+		MaxL402Cost:                          l402.DefaultMaxCostSats,
+		MaxL402Fee:                           l402.DefaultMaxRoutingFeeSats,
+		LoopOutMaxParts:                      defaultLoopOutMaxParts,
+		TotalPaymentTimeout:                  defaultTotalPaymentTimeout,
+		MaxPaymentRetries:                    defaultMaxPaymentRetries,
+		MaxStaticAddrHtlcFeePercentage:       defaultMaxStaticAddrHtlcFeePercentage,
+		MaxStaticAddrHtlcBackupFeePercentage: defaultMaxStaticAddrHtlcBackupFeePercentage,
+		EnableExperimental:                   false,
+		MigrationRPCBatchSize:                defaultRPCBatchSize,
 		Lnd: &lndConfig{
 			Host:         "localhost:10009",
 			MacaroonPath: DefaultLndMacaroonPath,
diff --git a/loopd/utils.go b/loopd/utils.go
@@ -40,16 +40,18 @@ func getClient(cfg *Config, swapDb loopdb.SwapStore,
 	}
 
 	clientConfig := &loop.ClientConfig{
-		ServerAddress:       cfg.Server.Host,
-		ProxyAddress:        cfg.Server.Proxy,
-		SwapServerNoTLS:     cfg.Server.NoTLS,
-		TLSPathServer:       cfg.Server.TLSPath,
-		Lnd:                 lnd,
-		MaxL402Cost:         btcutil.Amount(cfg.MaxL402Cost),
-		MaxL402Fee:          btcutil.Amount(cfg.MaxL402Fee),
-		LoopOutMaxParts:     cfg.LoopOutMaxParts,
-		TotalPaymentTimeout: cfg.TotalPaymentTimeout,
-		MaxPaymentRetries:   cfg.MaxPaymentRetries,
+		ServerAddress:                        cfg.Server.Host,
+		ProxyAddress:                         cfg.Server.Proxy,
+		SwapServerNoTLS:                      cfg.Server.NoTLS,
+		TLSPathServer:                        cfg.Server.TLSPath,
+		Lnd:                                  lnd,
+		MaxL402Cost:                          btcutil.Amount(cfg.MaxL402Cost),
+		MaxL402Fee:                           btcutil.Amount(cfg.MaxL402Fee),
+		LoopOutMaxParts:                      cfg.LoopOutMaxParts,
+		TotalPaymentTimeout:                  cfg.TotalPaymentTimeout,
+		MaxPaymentRetries:                    cfg.MaxPaymentRetries,
+		MaxStaticAddrHtlcFeePercentage:       cfg.MaxStaticAddrHtlcFeePercentage,
+		MaxStaticAddrHtlcBackupFeePercentage: cfg.MaxStaticAddrHtlcBackupFeePercentage,
 	}
 
 	if cfg.MaxL402Cost == defaultCost && cfg.MaxLSATCost != 0 {
