f: codex review

Author: joostjager

lightning/src/chain/chainmonitor.rs

@@ -1274,9 +1274,10 @@ where
 	///
 	/// [`ChannelManager`]: crate::ln::channelmanager::ChannelManager
 	pub fn flush(&self, count: usize, logger: &L) {
-		if count > 0 {
-			log_info!(logger, "Flushing up to {} monitor operations", count);
+		if count == 0 {
+			return;
 		}
+		log_info!(logger, "Flushing up to {} monitor operations", count);
 		for _ in 0..count {
 			let mut queue = self.pending_ops.lock().unwrap();
 			let op = match queue.pop_front() {
@@ -1334,6 +1335,10 @@ where
 				},
 			}
 		}
+
+		// A flushed monitor update may have generated new events, so assume we have
+		// some and wake the event processor.
+		self.event_notifier.notify();
 	}
 }
 

lightning/src/chain/channelmonitor.rs

@@ -1378,8 +1378,8 @@ pub(crate) struct ChannelMonitorImpl<Signer: EcdsaChannelSigner> {
 	/// In-memory only HTLC ids used to track upstream HTLCs that have been failed backwards due to
 	/// a downstream channel force-close remaining unconfirmed by the time the upstream timeout
 	/// expires. This is used to tell us we already generated an event to fail this HTLC back
-	/// during a previous block scan.
-	failed_back_htlc_ids: HashSet<SentHTLCId>,
+	/// during a previous block scan. Not serialized.
+	pub(crate) failed_back_htlc_ids: HashSet<SentHTLCId>,
 
 	// The auxiliary HTLC data associated with a holder commitment transaction. This includes
 	// non-dust HTLC sources, along with dust HTLCs and their sources. Note that this assumes any
@@ -4451,6 +4451,10 @@ impl<Signer: EcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 			}
 			let htlc_value_satoshis = Some(amount_msat / 1000);
 			let logger = WithContext::from(logger, None, None, Some(payment_hash));
+			// Defensively mark the HTLC as failed back so the expiry-based failure
+			// path in `block_connected` doesn't generate a duplicate `HTLCUpdate`
+			// event for the same source.
+			self.failed_back_htlc_ids.insert(SentHTLCId::from_source(source));
 			if let Some(confirmed_txid) = self.funding_spend_confirmed {
 				// Funding spend already confirmed past ANTI_REORG_DELAY: resolve immediately.
 				log_trace!(

lightning/src/util/test_utils.rs

@@ -713,12 +713,18 @@ impl<'a> chain::Watch<TestChannelSigner> for TestChainMonitor<'a> {
 		)
 		.unwrap()
 		.1;
+		// failed_back_htlc_ids is an in-memory-only dedup guard that is intentionally not
+		// serialized. Copy it to the deserialized monitor for the comparison, then clear
+		// it so it doesn't leak into the rest of the test.
+		let failed_back = monitor.inner.lock().unwrap().failed_back_htlc_ids.clone();
+		new_monitor.inner.lock().unwrap().failed_back_htlc_ids = failed_back;
 		if let Some(chan_id) = self.expect_monitor_round_trip_fail.lock().unwrap().take() {
 			assert_eq!(chan_id, channel_id);
 			assert!(new_monitor != *monitor);
 		} else {
 			assert!(new_monitor == *monitor);
 		}
+		new_monitor.inner.lock().unwrap().failed_back_htlc_ids.clear();
 		self.added_monitors.lock().unwrap().push((channel_id, new_monitor));
 		update_res
 	}