This commit adds the MuSig2 version as an input parameter when creating
Taproot htlcs. This will allow us to create both old and new MuSig2
Taproot HTLCs correctly.
This commit fixes outstanding linter issues, that we're not found by
running `make lint` locally. The linter issues were found by running
`docker run -v $(pwd):/build loop-tools golangci-lint run --whole-files`
I added the `revive` to the excludes as it would be to much of a
refactor and IMO seems unneccesary. E.g.
`interface.go:222:6: exported: type name will be used as
loop.LoopInTerms by other packages, and that stutters; consider
calling this InTerms (revive)`. I think `loop.LoopInTerms` is fine.
This commit is a refactor of how we construct htlcs to make it possible
to pass in internal keys for the sender and receiver when creating P2TR
htlcs. Furthermore the commit also cleans up constructors to not pass in
script versions and output types to make the code more readable.
This commit removes all code related to NP2WSH htlcs. These were
historically used when segwit adoption was very sporadic and are not
used anywhere anymore. Some historical swaps stored in the DB may be
listed with incorrect htlc adresses from here on.
This commit adds optional cooperative musig2 sweep by calling the server
to create a partial signature for the sweep if we'd otherwise be allowed
to spend the htlc. If the cooperative musig2 spend fails, we always fall
back to use the scriptpath spend.
Taproot spends require a different sighash, so we update our HtlcScript
interface to provide the appropriate sighash when sweeping. We also add
distinct Timeout/Success Script functions to allow for tapleaf spends
which have different locking scripts for different paths. Note that the
timeout and success paths will be the same for segwit v0 htlcs, because
it has a single branched script containing all spend paths.
In future iterations, this differentiation of claim scripts can also
be used to use musig2 to collaboratively keyspend P2TR htlcs with the
server. This script can be expressed as PriorityScript (because we'll
try to keyspend as a priority, and then fall back to a tap leaf spend).
As we've done here, segwit v0 spends would just return their single
script for PriorityScript, and the claim would be no different from
our other claims.
Use of the Script() function is problematic when we introduce taproot
because our script will vary depending whether we use keyspend or a
tapleaf spend path (and on the tapleaf spent). This has not previously
been a problem for segwitv0 scripts, because they contain all of the
logical branches for each of our spend conditions in a single script.
This commit prepares for removal of the Script() function by moving
our address/pkScript/sigScript generation (which need Script()) into
each script's implementation of the HtlcScript interface so that
they have access to the script directly.
In this commit we add the version 3 htlc, which is implemented with
taproot script spending the two payment paths: the claim path case, and
the timeout case.
This commit fixes a possible exploit by the loop server, where
- in a loop out - the server could claim money off-chain, without
publishing an on-chain swap htlc.
The server could do this by responding with a regular invoice, whose hash
is different than the hash in the NewLoopOutSwap request. To prevent
the exploit, we validate that the hash of the swap invoice is equal to the
hash the client generated.
This commit fixes the generation of the htlc address. This bug didn't
affect the swap execution, because the htlc address is only used for
display to the user/caller.
