lightningd: fix minimum depth.

Only the side *accepting* the connection gives a `minumum_depth`, but both
sides are supposed to wait that long:

BOLT #2:

	### The `funding_locked` message
...
	#### Requirements
	
	The sender MUST wait until the funding transaction has reached
	`minimum-depth` before sending this message.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

lightningd/channel_config.c

@@ -6,7 +6,6 @@ void towire_channel_config(u8 **pptr, const struct channel_config *config)
 	towire_u64(pptr, config->dust_limit_satoshis);
 	towire_u64(pptr, config->max_htlc_value_in_flight_msat);
 	towire_u64(pptr, config->channel_reserve_satoshis);
-	towire_u32(pptr, config->minimum_depth);
 	towire_u32(pptr, config->htlc_minimum_msat);
 	towire_u16(pptr, config->to_self_delay);
 	towire_u16(pptr, config->max_accepted_htlcs);
@@ -18,7 +17,6 @@ void fromwire_channel_config(const u8 **ptr, size_t *max,
 	config->dust_limit_satoshis = fromwire_u64(ptr, max);
 	config->max_htlc_value_in_flight_msat = fromwire_u64(ptr, max);
 	config->channel_reserve_satoshis = fromwire_u64(ptr, max);
-	config->minimum_depth = fromwire_u32(ptr, max);
 	config->htlc_minimum_msat = fromwire_u32(ptr, max);
 	config->to_self_delay = fromwire_u16(ptr, max);
 	config->max_accepted_htlcs = fromwire_u16(ptr, max);

lightningd/channel_config.h

@@ -35,7 +35,6 @@ struct channel_config {
 	u64 dust_limit_satoshis;
 	u64 max_htlc_value_in_flight_msat;
 	u64 channel_reserve_satoshis;
-	u32 minimum_depth;
 	u32 htlc_minimum_msat;
 	u16 to_self_delay;
 	u16 max_accepted_htlcs;

lightningd/opening/opening.c

@@ -174,6 +174,7 @@ static u8 *open_channel(struct state *state,
 	struct basepoints theirs;
 	struct pubkey their_funding_pubkey;
 	secp256k1_ecdsa_signature sig;
+	u32 minimum_depth;
 	const u8 **wscripts;
 
 	set_reserve(&state->localconf.channel_reserve_satoshis,
@@ -236,7 +237,7 @@ static u8 *open_channel(struct state *state,
 					->max_htlc_value_in_flight_msat,
 				     &state->remoteconf
 					->channel_reserve_satoshis,
-				     &state->remoteconf->minimum_depth,
+				     &minimum_depth,
 				     &state->remoteconf->htlc_minimum_msat,
 				     &state->remoteconf->to_self_delay,
 				     &state->remoteconf->max_accepted_htlcs,
@@ -266,10 +267,10 @@ static u8 *open_channel(struct state *state,
 	 * Other fields have the same requirements as their counterparts in
 	 * `open_channel`.
 	 */
-	if (state->remoteconf->minimum_depth > max_minimum_depth)
+	if (minimum_depth > max_minimum_depth)
 		peer_failed(PEER_FD, &state->cs, NULL, WIRE_OPENING_BAD_PARAM,
 			    "minimum_depth %u larger than %u",
-			    state->remoteconf->minimum_depth, max_minimum_depth);
+			    minimum_depth, max_minimum_depth);
 	check_config_bounds(state, state->remoteconf);
 
 	/* Now, ask master create a transaction to pay those two addresses. */
@@ -397,7 +398,8 @@ static u8 *open_channel(struct state *state,
 						 &theirs.revocation,
 						 &theirs.payment,
 						 &theirs.delayed_payment,
-						 &state->next_per_commit[REMOTE]);
+						 &state->next_per_commit[REMOTE],
+						 minimum_depth);
 }
 
 /* This is handed the message the peer sent which caused gossip to stop:
@@ -405,6 +407,7 @@ static u8 *open_channel(struct state *state,
 static u8 *recv_channel(struct state *state,
 			const struct pubkey *our_funding_pubkey,
 			const struct basepoints *ours,
+			u32 minimum_depth,
 			u32 min_feerate, u32 max_feerate, const u8 *peer_msg)
 {
 	struct channel_id id_in, channel_id;
@@ -501,7 +504,7 @@ static u8 *recv_channel(struct state *state,
 				    state->localconf
 				      .max_htlc_value_in_flight_msat,
 				    state->localconf.channel_reserve_satoshis,
-				    state->localconf.minimum_depth,
+				    minimum_depth,
 				    state->localconf.htlc_minimum_msat,
 				    state->localconf.to_self_delay,
 				    state->localconf.max_accepted_htlcs,
@@ -637,7 +640,7 @@ int main(int argc, char *argv[])
 	struct privkey seed;
 	struct basepoints our_points;
 	struct pubkey our_funding_pubkey;
-	u32 max_minimum_depth;
+	u32 minimum_depth, max_minimum_depth;
 	u32 min_feerate, max_feerate;
 
 	if (argc == 2 && streq(argv[1], "--version")) {
@@ -685,10 +688,11 @@ int main(int argc, char *argv[])
 				  &state->feerate_per_kw, &max_minimum_depth))
 		msg = open_channel(state, &our_funding_pubkey, &our_points,
 				   max_minimum_depth);
-	else if (fromwire_opening_accept(state, msg, NULL, &min_feerate,
-					 &max_feerate, &peer_msg))
+	else if (fromwire_opening_accept(state, msg, NULL, &minimum_depth,
+					 &min_feerate, &max_feerate, &peer_msg))
 		msg = recv_channel(state, &our_funding_pubkey, &our_points,
-				   min_feerate, max_feerate, peer_msg);
+				   minimum_depth, min_feerate, max_feerate,
+				   peer_msg);
 
 	/* Write message and hand back the fd. */
 	wire_sync_write(REQ_FD, msg);

lightningd/opening/opening_wire.csv

@@ -49,9 +49,11 @@ opening_open_funding_reply,244,revocation_basepoint,33
 opening_open_funding_reply,277,payment_basepoint,33
 opening_open_funding_reply,310,delayed_payment_basepoint,33
 opening_open_funding_reply,343,their_per_commit_point,33
+opening_open_funding_reply,376,minimum_depth,4
 
 # This means they offer the open (contains their offer packet)
 opening_accept,3
+opening_accept,0,minimum_depth,4
 opening_accept,0,min_feerate,4
 opening_accept,4,max_feerate,4
 opening_accept,8,len,2

lightningd/peer_control.c

@@ -553,9 +553,9 @@ static enum watch_result funding_depth_cb(struct peer *peer,
 	loc = tal_free(loc);
 
 	log_debug(peer->log, "Funding tx %s depth %u of %u",
-		  txidstr, depth, peer->our_config.minimum_depth);
+		  txidstr, depth, peer->minimum_depth);
 
-	if (depth < peer->our_config.minimum_depth)
+	if (depth < peer->minimum_depth)
 		return KEEP_WATCHING;
 
 	/* In theory, it could have been buried before we got back
@@ -981,7 +981,8 @@ static bool opening_release_tx(struct subd *opening, const u8 *resp,
 						 &theirbase.revocation,
 						 &theirbase.payment,
 						 &theirbase.delayed_payment,
-						 &their_per_commit_point)) {
+						 &their_per_commit_point,
+						 &fc->peer->minimum_depth)) {
 		log_broken(fc->peer->log, "bad OPENING_OPEN_FUNDING_REPLY %s",
 			   tal_hex(resp, resp));
 		tal_free(fc->peer);
@@ -1134,13 +1135,6 @@ static void channel_config(struct lightningd *ld,
 	ours->dust_limit_satoshis = 546;
 	ours->max_htlc_value_in_flight_msat = UINT64_MAX;
 
-	/* BOLT #2:
-	 *
-	 * The sender SHOULD set `minimum-depth` to an amount where
-	 * the sender considers reorganizations to be low risk.
-	 */
-	ours->minimum_depth = ld->dstate.config.anchor_confirms;
-
 	/* Don't care */
 	ours->htlc_minimum_msat = 0;
 
@@ -1197,6 +1191,13 @@ void peer_accept_open(struct peer *peer,
 	/* We handed off peer fd */
 	peer->fd = -1;
 
+	/* BOLT #2:
+	 *
+	 * The sender SHOULD set `minimum-depth` to an amount where
+	 * the sender considers reorganizations to be low risk.
+	 */
+	peer->minimum_depth = ld->dstate.config.anchor_confirms;
+
 	channel_config(ld, &peer->our_config,
 		       &max_to_self_delay, &max_minimum_depth,
 		       &min_effective_htlc_capacity_msat);
@@ -1209,7 +1210,8 @@ void peer_accept_open(struct peer *peer,
 				  cs, peer->seed);
 
 	subd_send_msg(peer->owner, take(msg));
-	msg = towire_opening_accept(peer, 7500, 150000, from_peer);
+	msg = towire_opening_accept(peer, peer->minimum_depth,
+				    7500, 150000, from_peer);
 
 	/* Careful here!  Their message could push us overlength! */
 	if (tal_len(msg) >= 65536) {

lightningd/peer_control.h

@@ -46,6 +46,9 @@ struct peer {
 	/* Our channel config. */
 	struct channel_config our_config;
 
+	/* Minimum funding depth (specified by us if they fund). */
+	u32 minimum_depth;
+
 	/* Funding txid and amounts (once known) */
 	struct sha256_double *funding_txid;
 	u16 funding_outnum;