bolt3

Lightning transaction and script formats, per BOLT #3 (docs.ppad.tech/bolt3).
git clone git://git.ppad.tech/bolt3.git
Log | Files | Refs | README | LICENSE

REVIEW1.md (2059B)

      1 # REVIEW1: PTAL findings (master)
      2 
      3 ## Scope
      4 
      5 Review of recent master commits:
      6 - 8af91e3 (Types)
      7 - 583dea5 (Keys)
      8 - 8ed369e (Scripts)
      9 - 5c8e641 (Keys fix)
     10 
     11 ## Findings
     12 
     13 ### Critical
     14 
     15 1) SecretStore bucket indexing is inconsistent with shachain layout.
     16    - `SecretStore` stores entries in a plain list without bucket
     17      positions; `insert_secret` and `derive_old_secret` treat list index
     18      as bucket index.
     19    - `insertAt` appends when `length entries <= b`, so inserting bucket 10
     20      into an empty store yields position 0; `derive_old_secret` then uses
     21      `b=0` for masking/derivation and produces incorrect results or
     22      accepts invalid secrets.
     23    - References:
     24      - `lib/Lightning/Protocol/BOLT3/Keys.hs:304`
     25      - `lib/Lightning/Protocol/BOLT3/Keys.hs:331`
     26      - `lib/Lightning/Protocol/BOLT3/Keys.hs:374`
     27 
     28 ### High
     29 
     30 2) HTLC ordering deviates from BOLT #3.
     31    - `Ord HTLC` compares amount then `cltv_expiry`, but spec requires
     32      ordering by amount then `scriptPubKey` lexicographic (with
     33      `cltv_expiry` impacting script bytes for received HTLCs).
     34    - This affects output ordering and thus signature preimages.
     35    - Reference: `lib/Lightning/Protocol/BOLT3/Types.hs:205`
     36 
     37 3) `to_remote_witness` missing pubkey in non-anchors case.
     38    - P2WPKH witness must be `<sig> <pubkey>`; helper returns only
     39      `<sig>` and relies on caller to append pubkey (not implemented).
     40    - Reference: `lib/Lightning/Protocol/BOLT3/Scripts.hs:365`
     41 
     42 4) `push_cltv` encodes script numbers with reversed endianness.
     43    - `encode_scriptnum` builds little-endian then reverses twice, yielding
     44      big-endian output. Values > 16 will be incorrectly encoded.
     45    - Reference: `lib/Lightning/Protocol/BOLT3/Scripts.hs:191`
     46 
     47 ## Notes / Open questions
     48 
     49 - Witness helpers for P2WSH outputs omit the witness script item; if the
     50   Tx assembly is expected to append the script, document this explicitly
     51   to avoid misuse.
     52 - `to_remote_script` returns a witness script for anchors but a
     53   scriptPubKey for non-anchors; consider splitting APIs or clarifying
     54   naming.