This commit fixes a possible exploit by the loop server, where
- in a loop out - the server could claim money off-chain, without
publishing an on-chain swap htlc.
The server could do this by responding with a regular invoice, whose hash
is different than the hash in the NewLoopOutSwap request. To prevent
the exploit, we validate that the hash of the swap invoice is equal to the
hash the client generated.
In this commit, we introduce a delta from the on-chain HTLC's
expiration. Since clients are now able to specify a confirmation target
for the HTLC sweep, it's possible that the sweep doesn't confirm within
the intended target in the event of an increasing demand for block
space. Once the delta from the HTLC's expiration is reached, we'll begin
to use the default sweep confirmation target when sweeping the HTLC,
which should provide a timely confirmation. This is needed because if
the preimage has already been revealed, then we need to make sure we
sweep the HTLC before the server does.
This commit adds the required code to persist loop in swaps. It also
introduces the file loop.go to which shared code is moved.
Sharing of contract serialization/deserialization code has been
reverted. The prepay fields do not apply to loop in, but were part of
the shared contract struct. Without also adding a migration, it wouldn't
be possible to keep the shared code.
In general it is probably more flexible to keep the contract
serialization code separated between in and out swaps.