Allow honoring reserve in send_all_to_address
#345
Conversation
tnull
force-pushed
the
2024-08-regard-reserve-spending-all
branch
from
a020d7c
to
b62484a
Compare
tnull
changed the title
send_all_to_addresssend_all_to_address
| }, | ||
| Err(err) => { | ||
| log_error!(self.logger, "Failed to create transaction: {}", err); | ||
| return Err(err.into()); | ||
| }, | ||
| }; | ||
|
|
||
| // Check the reserve requirements (again) and return an error if they aren't met. |
There was a problem hiding this comment.
Not sure I follow. Why is a second check needed?
There was a problem hiding this comment.
The general issue is that we don't have a "send_all_but_X" method available, we can only set X amount or entirely drain the wallet (the latter of course resulting in not adding a change output). We also don't have any good tools to pre-compute the fee it gonna takes to construct a particular transaction without completely replicating BDK internals here (and even then you wouldn't be able to invert the fee estimation algorithm).
So the approach we took here is: construct a temporary draining transaction to estimate how much fees it would take, check that our available balance (i.e., the entire balance minus the reserve) is sufficient to cover the fee, then use this estimate to calculate how much above the reserve we're able to spend, and then construct the actual spending transaction with the estimated fee and the estimated spendable balance.
Once we did all that we now build the PSBT and check again that we're really able to spend what we just constructed without infringing on the reserve, and go ahead and sign it.
So TLDR: first round of checks are on the temporary transaction we use to estimate fees (and hence the spendable amount), second round of checks on the actual final transaction we try to spend.
| @@ -279,7 +279,7 @@ fn onchain_spend_receive() { | |||
| assert!(node_b.list_balances().spendable_onchain_balance_sats < 100000); | |||
|
|
|||
| let addr_b = node_b.onchain_payment().new_address().unwrap(); | |||
| let txid = node_a.onchain_payment().send_all_to_address(&addr_b).unwrap(); | |||
| let txid = node_a.onchain_payment().send_all_to_address(&addr_b, false).unwrap(); | |||
There was a problem hiding this comment.
Could we additional test coverage?
There was a problem hiding this comment.
Now added test coverage and discovered small issues around relayability (on regtest, at least). Therefore now finally got around to do a refactor of FeeEstimator that should allow us to configure these targets a little more fine-grained rather than misusing LDK's API (which we more ore less did before). Now based this PR on top of #352.
tnull
force-pushed
the
2024-08-regard-reserve-spending-all
branch
from
b62484a
to
2266163
Compare
|
Now based on top of #352. |
tnull
force-pushed
the
2024-08-regard-reserve-spending-all
branch
3 times, most recently
from
385fbe5
to
28fed4c
Compare
src/wallet.rs
Outdated
| tmp_tx_builder | ||
| .add_recipient(address.script_pubkey(), spendable_amount_sats) | ||
| .fee_rate(fee_rate) | ||
| .enable_rbf(); |
There was a problem hiding this comment.
Couldn't this result in a transaction where the entire cur_anchor_reserve_sats goes to fees? And thus there could be one less output, which would cause the fee estimation to be off?
Would the following solve this?
let change_address = locked_wallet.get_internal_address(AddressIndex::Peek(0));
tmp_tx_builder
.drain_wallet()
.drain_to(address.script_pubkey())
.add_recipient(change_address, cur_anchor_reserve_sats)
.fee_rate(fee_rate)
.enable_rbf();Though if cur_anchor_reserve_sats was exactly covered by one utxo, then an extra input would be used in the estimation. 🤔
There was a problem hiding this comment.
Couldn't this result in a transaction where the entire
cur_anchor_reserve_satsgoes to fees? And thus there could be one less output, which would cause the fee estimation to be off?
Yes, this could be the case, I think.
Would the following solve this?
let change_address = locked_wallet.get_internal_address(AddressIndex::Peek(0)); tmp_tx_builder .drain_wallet() .drain_to(address.script_pubkey()) .add_recipient(change_address, cur_anchor_reserve_sats) .fee_rate(fee_rate) .enable_rbf();
Mhh, seems reasonable to assume that this would make the estimation a tad more precise, I'll add a fixup for this.
Though if
cur_anchor_reserve_satswas exactly covered by one utxo, then an extra input would be used in the estimation. 🤔
Yes, this would be an edge case. Similarly, the coin selection algorithm might decide to omit outputs (if they'd end up to be dust, for example), which also would throw the calculation off.
There was a problem hiding this comment.
Btw, curiously, at least in local small-scale testing, both approaches seem to result in virtually the same weight discrepancies between temporary and final transaction, while other factors (randomness in coin selection?) seem to have a bigger impact.
src/wallet.rs
Outdated
| }; | ||
|
|
||
| let estimated_tx_fee_sats = | ||
| tmp_tx_details.fee.unwrap_or(0).max(FEERATE_FLOOR_SATS_PER_KW as u64); |
There was a problem hiding this comment.
Shouldn't FEERATE_FLOOR_SATS_PER_KW be accounted for by the fee estimator when computing the fee_rate passed to the builder?
There was a problem hiding this comment.
Yes, it's mostly a failsafe as we use the absolute estimated fee, not the fee rate. But you're right, assuming the estimation is reasonably close, we can probably omit this.
.. previously we used LDK's `FeeEstimator` and `ConfirmationTarget` and ~misused some of the latter's variants for our non-Lightning operations. Here, we introduce our own `FeeEstimator` and `ConfirmationTarget` allowing to add specific variants for `ChannelFunding` and `OnchainPayment`s, for example.
.. while it's most often bitcoind already knowing about a transaction already, the error sometimes holds additional information (e.g., not meeting the mempool min).
Previously, `OnchainPayment::send_all_to_address` could only be used to fully drain the onchain wallet, i.e., would not retain any reserves. Here, we try to introduce a `retain_reserves` bool that allows users to send all funds while honoring the configured on-chain reserves. While we're at it, we move the reserve checks for `send_to_address` also to the internal wallet's method, which makes the checks more accurate as they now are checked against the final transaction value, including transaction fees.
.. rather than undercutting the fee, we now choose a method that might slightly overestimate fees, ensuring its relayability. We also make sure the net fee is always larger than the fee rate floor.
tnull
force-pushed
the
2024-08-regard-reserve-spending-all
branch
from
28fed4c
to
b0f8d6c
Compare
| } | ||
|
|
||
| let mut psbt = match tx_builder.finish() { | ||
| Ok((psbt, _)) => { | ||
| let (mut psbt, tx_details) = match tx_builder.finish() { |
There was a problem hiding this comment.
@jkczyz FYI: It seems BDK 1.0 removed the returned tx_details here, so we won't be able to use them for the checks below going forward (see bitcoindevkit/bdk#1401).
I think I'll deprioritize this PR for now and try to rebase/pick it up again after the BDK upgrade is through and we can evaluate what APIs are available really (e.g., might need to reimplement sent/received logic manually based on the inputs/outputs and the Wallet::is_mine functionality).
Previously,
OnchainPayment::send_all_to_addresscould only be used to fully drain the onchain wallet, i.e., would not retain any reserves.Here, we try to introduce a
retain_reservesbool that allows users to send all funds while honoring the configured on-chain reserves. While we're at it, we move the reserve checks forsend_to_addressalso to the internal wallet's method, which makes the checks more accurate as they now are checked against the final transaction value, including transaction fees.This was requested by a user, but I'm a bit on the fence if we actually should move forward with it: for one, figuring out the spendable amount above the reserve is always gonna be inexact compared to draining the wallet.Moreover, adding this to our API might send the wrong message of the reserve value being an exact value, while it's always on the safer side to maintain a larger reserve.