-
Notifications
You must be signed in to change notification settings - Fork 912
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
'invoice' command returning preimage. #3295
Conversation
For context: we aren't displaying the Worse, if any node on the path between sender and recipient learns about the preimage before the payment is attempted it can grab the transfer, short-circuiting it using the preimage. This would then be a really hard to debug situation (sender sends payment successfully, but the payment never arrives at the recipient, but sender still has proof that he paid). A middle ground could be to show the preimage after the payment has completed and the invoice was paid, at which point users could compare the preimage and just see that it matches on both ends. |
Well, but doesn't this seem like a big user failure from someone who doesn't know what they're doing? A user like that can do a lot of harm to himself already in other ways. Like being tricked into issuing Anyway, ignore the above paragraph. The middle ground you suggested is a big improvement, I think. And it even solves my specific issue now that I'm thinking about it. I'll change this PR to do that. |
About the middle ground: |
All of those RPC calls however are on the sender side, and I think @fiatjaf is talking about the recipient side. I'll implement the middle solution ASAP :-) |
2db31f3
to
dab767b
Compare
I went ahead and added a couple of fixup commits that I'll squash before merging, but I wanted to get @fiatjaf's sign-off first:
The commit message for the first commit doesn't really match anymore, if you'd like I can reword that before squashing ^^ |
I think this is great, thanks! Please reword the commit while squashing, yes. Also thank you for the compliment, it means a lot to my insufficient C skills. |
I share @cdecker's reluctance to share the preimage, but this could be made a parameter to listinvoices (default off). |
I had thought about this, however if we assume the attacker can trick the user into sharing the output of |
dab767b
to
b483f0a
Compare
Rebased and squashed, should be good to go, unless @rustyrussell wants to guard the |
b483f0a
to
f309dc0
Compare
Changelog-Added: JSON-RPC: `listinvoices` now displays the payment preimage if the invoice was paid.
f309dc0
to
d0905df
Compare
Ack d0905df [ Changed ACK to Ack to see if ackbot will recognize it? --RR ] |
Ack d0905df |
Yeah, the bot had caught it, but calling the status RPC on Github failed, so changes to the ack message were bumping against the uniqueness constraint and not retrying the Github RPC call. Will fix 😉 |
I'm sorry for this silly PR, but this has been bugging me for a long time. Being able to see the preimages of invoices issued is good for overall understanding of the protocol and for easy checking of payment proofs from others, not to mention other advanced uses (which may be covered by passing your own preimage to
invoice
as the docs imply, but still).The point is that this doesn't hurt and makes everything better.
Some useless context
On https://t.me/lntxbot I like to show a lot of debugging information (because I'm crazy and I think users will want to understand what is happening):
However, because I can't get the preimages my invoices are using from the
invoice
command to show these preimages I have to generate them on my own using a probably-not-so-safe generator and store them in not-so-optimal ways instead of havinglightningd
generate them for me.edit: just realized the above image is from the sender side, not the receiver, so completely unrelated.