Reject counterparty RBF with non-confirming feerate after several attempts

jkczyz · claude · jkczyz · commit eba82b80221b · 2026-03-24T17:20:08.000-05:00
After a few RBF attempts, the counterparty should be RBFing to a
feerate that will actually confirm. Reject attempts with feerates
below the fee estimator's NonAnchorChannelFee target to prevent the
counterparty from exhausting the RBF budget at low feerates.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/lightning/src/ln/channel.rs b/lightning/src/ln/channel.rs
@@ -12682,6 +12682,18 @@ where
 			return Err(ChannelError::Abort(AbortReason::InsufficientRbfFeerate));
 		}
 
+		// After several RBF attempts, require the feerate to be high enough to confirm.
+		// This prevents the counterparty from exhausting the RBF budget at low feerates
+		// that won't lead to timely confirmation.
+		const MAX_LOW_FEERATE_RBF_ATTEMPTS: usize = 3;
+		if pending_splice.negotiated_candidates.len() > MAX_LOW_FEERATE_RBF_ATTEMPTS {
+			let min_feerate =
+				fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::NonAnchorChannelFee);
+			if new_feerate < min_feerate {
+				return Err(ChannelError::Abort(AbortReason::InsufficientRbfFeerate));
+			}
+		}
+
 		let their_funding_contribution = match msg.funding_output_contribution {
 			Some(value) => SignedAmount::from_sat(value),
 			None => SignedAmount::ZERO,
diff --git a/lightning/src/ln/splicing_tests.rs b/lightning/src/ln/splicing_tests.rs
@@ -6305,3 +6305,76 @@ fn test_splice_revalidation_at_quiescence() {
 
 	expect_splice_failed_events(&nodes[0], &channel_id, contribution);
 }
+
+#[test]
+fn test_splice_rbf_rejects_low_feerate_after_several_attempts() {
+	// After several RBF attempts, the counterparty's RBF feerate must be high enough to
+	// confirm (per the fee estimator). Early attempts at low feerates are accepted, but
+	// once the threshold is crossed and the fee estimator expects a higher feerate, the
+	// attempt is rejected.
+	let chanmon_cfgs = create_chanmon_cfgs(2);
+	let node_cfgs = create_node_cfgs(2, &chanmon_cfgs);
+	let node_chanmgrs = create_node_chanmgrs(2, &node_cfgs, &[None, None]);
+	let nodes = create_network(2, &node_cfgs, &node_chanmgrs);
+
+	let node_id_0 = nodes[0].node.get_our_node_id();
+	let node_id_1 = nodes[1].node.get_our_node_id();
+
+	let initial_channel_value_sat = 100_000;
+	let (_, _, channel_id, _) =
+		create_announced_chan_between_nodes_with_value(&nodes, 0, 1, initial_channel_value_sat, 0);
+
+	let added_value = Amount::from_sat(50_000);
+	provide_utxo_reserves(&nodes, 2, added_value * 2);
+
+	// Round 0: Initial splice-in at floor feerate (253).
+	let funding_contribution = do_initiate_splice_in(&nodes[0], &nodes[1], channel_id, added_value);
+	let (_, new_funding_script) =
+		splice_channel(&nodes[0], &nodes[1], channel_id, funding_contribution);
+
+	// Feerate progression: 253 → 264 → 275 → 287 → 300
+	let feerate_1 = (FEERATE_FLOOR_SATS_PER_KW as u64 * 25).div_ceil(24);
+	let feerate_2 = (feerate_1 * 25).div_ceil(24);
+	let feerate_3 = (feerate_2 * 25).div_ceil(24);
+	let feerate_4 = (feerate_3 * 25).div_ceil(24);
+
+	// Rounds 1-3: RBF at minimum bump. Accepted (at or below threshold).
+	for feerate in [feerate_1, feerate_2, feerate_3] {
+		provide_utxo_reserves(&nodes, 2, added_value * 2);
+		let rbf_feerate = FeeRate::from_sat_per_kwu(feerate);
+		let contribution =
+			do_initiate_rbf_splice_in(&nodes[0], &nodes[1], channel_id, added_value, rbf_feerate);
+		complete_rbf_handshake(&nodes[0], &nodes[1]);
+		complete_interactive_funding_negotiation(
+			&nodes[0],
+			&nodes[1],
+			channel_id,
+			contribution,
+			new_funding_script.clone(),
+		);
+		let (_, splice_locked) = sign_interactive_funding_tx(&nodes[0], &nodes[1], false);
+		assert!(splice_locked.is_none());
+		expect_splice_pending_event(&nodes[0], &node_id_1);
+		expect_splice_pending_event(&nodes[1], &node_id_0);
+	}
+
+	// Now 4 negotiated candidates (round 0 + rounds 1-3). Bump the fee estimator on node 1
+	// (the RBF receiver) so the next minimum RBF feerate (300) is below it.
+	let high_feerate = 1000;
+	*chanmon_cfgs[1].fee_estimator.sat_per_kw.lock().unwrap() = high_feerate;
+
+	// Round 4: RBF at minimum bump (300). Should be rejected because 300 < 1000.
+	provide_utxo_reserves(&nodes, 2, added_value * 2);
+	let rbf_feerate_3 = FeeRate::from_sat_per_kwu(feerate_4);
+	let _contribution =
+		do_initiate_rbf_splice_in(&nodes[0], &nodes[1], channel_id, added_value, rbf_feerate_3);
+	let stfu_0 = get_event_msg!(nodes[0], MessageSendEvent::SendStfu, node_id_1);
+	nodes[1].node.handle_stfu(node_id_0, &stfu_0);
+	let stfu_1 = get_event_msg!(nodes[1], MessageSendEvent::SendStfu, node_id_0);
+	nodes[0].node.handle_stfu(node_id_1, &stfu_1);
+
+	// Node 0 sends tx_init_rbf. Node 1 rejects the low feerate after the threshold.
+	let tx_init_rbf = get_event_msg!(nodes[0], MessageSendEvent::SendTxInitRbf, node_id_1);
+	nodes[1].node.handle_tx_init_rbf(node_id_0, &tx_init_rbf);
+	get_event_msg!(nodes[1], MessageSendEvent::SendTxAbort, node_id_0);
+}
