Add additional sanity checks before starting a swap

[nepet]

We add an additional check that we can spend/receive the swap amount over the desired channel before initiating a swap.

[YusukeShimizu]

Since there are similarities with CheckChannel function, I think it would be good if CheckChannel could be eliminated and integrated into checks using SpendableMsat.

The following may be the scope of #81, but I mention it because I am working on it.

I think it would be nice to be able to check htlc_maximum_msat as well.
it would be nice to check SpendableMsat after we received the swap_out_agreement that contains the "fee_invoice".

I would appreciate your feedback.

[nepet]

Since there are similarities with CheckChannel function, I think it would be good if CheckChannel could be eliminated and integrated into checks using SpendableMsat.

True, there is indeed some room for refactoring and improvement. I will refactor said methods and the interface once I know that the pr fixes @grubles problem with the swap amounts.

The following may be the scope of #81, but I mention it because I am working on it.

I think it would be nice to be able to check htlc_maximum_msat as well.

We can only ever give an estimate on what is spendable. For cln we can use spendable_msat if it is set. Otherwise we have to deal with a fallback. It is definitely a good idea to check htlc_maximum_msat as long as we don't split the payment.

it would be nice to check SpendableMsat after we received the swap_out_agreement that contains the "fee_invoice".

I would rather check before we start the swap at all, once we are at the point where we want to pay an invoice we can just do so and act accordingly if it fails.

[nepet]

Oh sorry, maybe I misunderstood, of course it would be nice to check if we can pay the whole swap amount before paying the fee_invoice ^^

[YusukeShimizu]

I will refactor said methods and the interface once I know that the pr fixes @grubles problem with the swap amounts.

I understood.
LGTM

it would be nice to check if we can pay the whole swap amount before paying the fee_invoice

Yes, this is what I wanted to tell you.
I will implement it as a response to #81.
Thank you for confirming.

[grubles]

Tested with unpatched CLN v23.08 node and patched LND v0.17.0-beta.rc2.

Trying an impossible swap-out with unpatched node as initiator:

$ lightning-cli --signet peerswap-swap-out 140490x1x0 250000000 lbtc
{
   "code": -1,
   "message": "swap canceled, reason: from the LND peer: exceeding receivable amount_msat: 236942513000"
}

An impossible swap-in is rejected locally.

[wtogami]

This PR seems to do the right thing.

I will refactor said methods and the interface once I know that the pr fixes @grubles problem with the swap amounts.

Here it sounds that Peter will refactor to check htlc_maximum_msat.

I will implement it as a response to #81.

But Yusuke said he can implement it after this is merged.

Let's merge this now since it works, then you two discuss who takes the next step?

[nepet]

Let me clean this up a bit so that we can merge it as is (without htlc_maximum_msat). I am happy to pass this to @YusukeShimizu for further steps.

Is this okay for you @YusukeShimizu, @wtogami?

[YusukeShimizu]

Yes, I am OK.

I will implement the following two features.

1. check if we can pay the whole swap amount before paying the fee_invoice
2. make htlc_maximum_msat be taken into account when calculating SpendableMsat

[wtogami]

https://github.com/ElementsProject/peerswap/actions/runs/6177482756/job/16768697864?pr=235
Test flake, this succeeded on the subsequent try

[grubles]

Tested eab7760 successfully. An impossible swap-out initiated by an unpatched CLN PeerSwap is rejected by the patched receiving LND instance. An impossible swap-in is rejected by the initiating PeerSwap instance.

{                                                                                                                                                                                                                  
   "code": -1,                                                                                                                                                                                                     
   "message": "swap canceled, reason: from the LND peer: exceeding receivable amount_msat: 236942513000"                                                                                                           
} 

[grubles]

Don't merge yet. I want to test a little bit more with different configurations (a CLN <> CLN channel and a LND <> LND channel).

[grubles]

Looks like an impossible swap-out can still occur between two CLN nodes.

Run one unpatched PeerSwap and one patched PeerSwap (both with CLN) and initiate a swap-out from the unpatched node that exceeds the channel balance. The opening tx will be broadcasted but since the unpatched node can't actually pay the other side, the swap eventually fails.

      {
         "id": "a62f31307d77273c38088cf19cefc3b897bdc3995dacc9222c5727bbf2a34547",
         "created_at": 1694709464,
         "asset": "lbtc",
         "type": "swap-out",
         "role": "sender",
         "state": "State_ClaimedCoop",
         "initiator_node_id": "036e680823a129ac9a2eeb8c43514a5b6cb09ae28e3e698a0e34aaa8865d6cc344",
         "peer_node_id": "02480257dedb3079d3d41ead4986553473633545f7dfd0003aaa2ca9160e0d6162",
         "amount": 49991000,
         "channel_id": "160601x1x0",
         "opening_tx_id": "f5453db0e2c3c93601a84d2463958e85a251355f2d10e1bdbb3df7cfc41d8b92",
         "cancel_message": "could not pay invoice: timeout, last err: 204:failed: WIRE_TEMPORARY_CHANNEL_FAILURE (WIRE_TEMPORARY_CHANNEL_FAILURE: Capacity exceeded - HTLC fee: 226sat)",
         "lnd_chan_id": 176582666932518912
      }

[grubles]

Successfully tested with two LND nodes (one unpatched, one patched).

[wtogami]

Merging

Remaining Tasks

• Fix CLN rejecting impossible swap from CLN
• Add maxhtlc limit checking