Make verifyAttempt more robust #10257

ziggie1984 · 2025-09-30T08:56:42Z

We now return an error when blinded and non blinded attempts are
combined. This was theoretically possible to register a legacy
attempt in combination with a blinded payment. This would have
been prevented by other checks in the code because legacy payments
are not split into shards.

resulted from #9147 (comment)

We now return an error when blinded and non blinded attempts are combined. This was theoretically possible to register a legacy attempt in combination with a blinded payment. This would have been prevented by other checks in the code because legacy payments are not split into shards.

ziggie1984 · 2025-09-30T11:27:00Z

/gemini review

gemini-code-assist

Code Review

This pull request enhances the robustness of payment attempt verification by adding a check to prevent mixing blinded and non-blinded attempts within the same payment. The implementation is straightforward and correct, introducing a new error and the corresponding validation logic in verifyAttempt. The changes are well-supported by an extensive suite of new unit tests, which significantly improves confidence in the payment verification logic. I've added one suggestion to further improve test coverage for the new validation.

gemini-code-assist · 2025-09-30T11:28:49Z

payments/db/payment_test.go

+		verifyAttempt(payment, &full),
+		ErrMixedBlindedAndNonBlindedPayments,
+	)
+}


This test covers adding a non-blinded attempt to a payment that already has a blinded attempt. For completeness, it would be beneficial to also test the reverse scenario: adding a blinded attempt to a payment that already has a non-blinded attempt.

) // Now test the other direction: a payment with a non-blinded attempt // should not accept a blinded attempt. nonBlindedExisting := makeLastHopAttemptInfo( 4, lastHopArgs{amt: 2000, mpp: record.NewMPP(total, testHash)}, ) paymentWithNonBlinded := makePayment( total, HTLCAttempt{HTLCAttemptInfo: nonBlindedExisting}, ) blindedAttempt := makeLastHopAttemptInfo( 5, lastHopArgs{amt: 2000, total: total, encrypted: []byte{1}}, ) require.ErrorIs( t, verifyAttempt(paymentWithNonBlinded, &blindedAttempt), ErrMixedBlindedAndNonBlindedPayments, ) }

ellemouton

lgtm!

ziggie1984 self-assigned this Sep 30, 2025

ziggie1984 added payments Related to invoices/payments code health Related to code commenting, refactoring, and other non-behaviour improvements labels Sep 30, 2025

ziggie1984 added this to v0.21 Sep 30, 2025

ziggie1984 added the no-changelog label Sep 30, 2025

ziggie1984 force-pushed the make-verifyAttempt-robust branch from 2941b9e to 3ec398f Compare September 30, 2025 09:03

ziggie1984 marked this pull request as ready for review September 30, 2025 09:03

ziggie1984 force-pushed the make-verifyAttempt-robust branch from 3ec398f to db23434 Compare September 30, 2025 09:08

ziggie1984 force-pushed the make-verifyAttempt-robust branch from db23434 to f4816c1 Compare September 30, 2025 09:09

ziggie1984 requested review from yyforyongyu and ellemouton September 30, 2025 10:43

ziggie1984 added this to the v0.21.0 milestone Sep 30, 2025

gemini-code-assist bot reviewed Sep 30, 2025

View reviewed changes

saubyk moved this to In review in v0.21 Sep 30, 2025

ellemouton approved these changes Oct 1, 2025

View reviewed changes

ziggie1984 changed the base branch from master to 0-21-0-staging October 6, 2025 19:49

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Make verifyAttempt more robust #10257

Make verifyAttempt more robust #10257

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Make verifyAttempt more robust #10257

Are you sure you want to change the base?

Make verifyAttempt more robust #10257

Uh oh!

Conversation

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Code Review

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!