eclair-v0.10.0.md

Eclair v0.10.0

This release adds official support for the dual-funding feature, an up-to-date implementation of Bolt 12 offers, and a fully working splicing prototype. We're waiting for the specification work to be finalized for some of those features, and other implementations to be ready for cross-compatibility tests. You should only activate them if you know what you're doing, and are ready to handle backwards-incompatible changes!

This release also contains various on-chain fee improvements, more configuration options, performance enhancements and various minor bug fixes.

Major changes

Dual funding

After many years of work and refining the protocol, dual funding has been added to the BOLTs.

This release of eclair activates dual funding, and it will automatically be used with cln nodes. When opening channels to nodes that don't support dual funding, the older funding protocol will be used automatically.

One of the immediate benefits of dual funding is that the funding transaction can now be RBF-ed, using the rbfopen RPC.

There is currently no way to automatically add funds to channels that are being opened to your node, as deciding whether to do so or not really depends on each node operator's peering strategy. We have however created a sample plugin that node operators can fork to implement their own strategy for contributing to inbound channels.

Update minimal version of Bitcoin Core

With this release, eclair requires using Bitcoin Core 24.1. Newer versions of Bitcoin Core may be used, but haven't been extensively tested.

Bolt12

Eclair supports the latest state of the Bolt 12 specification. The specification may still change at that point, so support is experimental, but you may try it using:

• the payoffer RPC to pay a Bolt 12 offer
• the tip jar plugin to generate Bolt 12 offers

This may also be compatible with other implementations, but there's no guarantee at that point.

Use priority instead of block target for feerates

Eclair now uses a slow/medium/fast notation for feerates (in the style of mempool.space), instead of block targets. Only the funding and closing priorities can be configured, the feerate for commitment transactions is managed by eclair, so is the fee bumping for htlcs in force close scenarii. Note that even in a force close scenario, when an output is only spendable by eclair, then the normal closing priority is used.

Default setting is medium for both funding and closing. Node operators may configure their values like so:

eclair.on-chain-fees.confirmation-priority {
    funding = fast
    closing = slow
}

This configuration section replaces the previous eclair.on-chain-fees.target-blocks section.

Add configurable maximum anchor fee

Whenever an anchor outputs channel force-closes, we regularly bump the fees of the commitment transaction to get it to confirm. We previously ensured that the fees paid couldn't exceed 5% of our channel balance, but that may already be extremely high for large channels. Without package relay, our anchor transactions may not propagate to miners, and eclair may end up bumping the fees more than the actual feerate, because it cannot know why the transaction isn't confirming.

We introduced a new parameter to control the maximum fee that will be paid during fee-bumping, that node operators may configure:

// maximum amount of fees we will pay to bump an anchor output when we have no HTLC at risk
eclair.on-chain-fees.anchor-without-htlcs-max-fee-satoshis = 10000

We also limit the feerate used to be at most of the same order of magnitude as the fastest feerate provided by our fee estimator.

Managing Bitcoin Core wallet keys

You can now use Eclair to manage the private keys for on-chain funds monitored by a Bitcoin Core watch-only wallet.

See docs/ManagingBitcoinCoreKeys.md for more details.

Advertise low balance with htlc_maximum_msat

Eclair used to disable a channel when there was no liquidity on our side so that other nodes stop trying to use it. However, other implementations use disabled channels as a sign that the other peer is offline. To be consistent with other implementations, we now only disable channels when our peer is offline and signal that a channel has very low balance by setting htlc_maximum_msat to a low value. The balance thresholds at which to update htlc_maximum_msat are configurable like this:

eclair.channel.channel-update {
    balance-thresholds = [{
        available-sat = 1000  // If our balance goes below this,
        max-htlc-sat =  0     // set the maximum HTLC amount to this (or htlc-minimum-msat if it's higher).
    },{
        available-sat = 10000
        max-htlc-sat =  1000
    }]

    min-time-between-updates = 1 hour // minimum time between channel updates because the balance changed
}

This feature leaks a bit of information about the balance when the channel is almost empty, if you do not wish to use it, set eclair.channel.channel-update.balance-thresholds = [].

API changes

• bumpforceclose can be used to make a force-close confirm faster, by spending the anchor output (#2743)
• open now takes an optional parameter --fundingFeeBudgetSatoshis to define the maximum acceptable value for the mining fee of the funding transaction. This mining fee can sometimes be unexpectedly high depending on available UTXOs in the wallet. Default value is 0.1% of the funding amount (#2808)
• rbfopen now takes a mandatory parameter --fundingFeeBudgetSatoshis, with the same semantics as for open (#2808)

Miscellaneous improvements and bug fixes

Use bitcoinheaders.net v2

Eclair uses https://bitcoinheaders.net/ as one of its sources of blockchain data to detect when our node is being eclipsed. The format of this service is changing, and the older format will be deprecated soon. We thus encourage eclair nodes to update to ensure that they still have access to this blockchain watchdog.

Force-closing anchor channels fee management

Various improvements have been made to force-closing channels that need fees to be attached using CPFP or RBF. Those changes ensure that eclair nodes don't end up paying unnecessarily high fees to force-close channels, even when the mempool is full.

Improve DB usage when closing channels

When channels that have relayed a lot of HTLCs are closed, we can forget the revocation data for all of those HTLCs and free up space in our DB. We previously did that synchronously, which meant deleting potentially millions of rows synchronously. This isn't a high priority task, so we're now asynchronously deleting that data in smaller batches.

Node operators can control the rate at which that data is deleted by updating the following values in eclair.conf:

// During normal channel operation, we need to store information about past HTLCs to be able to punish our peer if
// they publish a revoked commitment. Once a channel closes or a splice transaction confirms, we can clean up past
// data (which reduces the size of our DB). Since there may be millions of rows to delete and we don't want to slow
// down the node, we delete those rows in batches at regular intervals.
eclair.db.revoked-htlc-info-cleaner {
  // Number of rows to delete per batch: a higher value will clean up the DB faster, but may have a higher impact on performance.
  batch-size = 50000
  // Frequency at which batches of rows are deleted: a lower value will clean up the DB faster, but may have a higher impact on performance.
  interval = 15 minutes
}

See #2705 for more details.

Correctly unlock wallet inputs during transaction eviction

When the mempool is full and transactions are evicted, and potentially double-spent, the Bitcoin Core wallet cannot always safely unlock inputs.

Eclair is now automatically detecting such cases and telling Bitcoin Core to unlock inputs that are safe to use. This ensures that node operators don't end up with unavailable liquidity.

See #2817 and #2818 for more details.

Verifying signatures

You will need gpg and our release signing key 7A73FE77DE2C4027. Note that you can get it:

• from our website: https://acinq.co/pgp/drouinf.asc
• from github user @sstone, a committer on eclair: https://api.github.com/users/sstone/gpg_keys

To import our signing key:

$ gpg --import drouinf.asc

To verify the release file checksums and signatures:

$ gpg -d SHA256SUMS.asc > SHA256SUMS.stripped
$ sha256sum -c SHA256SUMS.stripped

Building

Eclair builds are deterministic. To reproduce our builds, please use the following environment (*):

• Ubuntu 22.04
• AdoptOpenJDK 11.0.22
• Maven 3.9.2

Use the following command to generate the eclair-node package:

mvn clean install -DskipTests

That should generate eclair-node/target/eclair-node-<version>-XXXXXXX-bin.zip with sha256 checksums that match the one we provide and sign in SHA256SUMS.asc

(*) You may be able to build the exact same artefacts with other operating systems or versions of JDK 11, we have not tried everything.

Upgrading

This release is fully compatible with previous eclair versions. You don't need to close your channels, just stop eclair, upgrade and restart.

Changelog

• 210b919 Back to dev (#2694)
• 194f5dd Find route for messages (#2656)
• da98e19 Simplify on-chain fee management (#2696)
• 1519dd0 Log requests for unknown channels as debug (#2700)
• 9db0063 Record begin and end timestamps for relays (#2701)
• 4c98e1c Correctly fail blinded payments after restart (#2704)
• 4216431 Use apache archives for mvn in Docker build (#2706)
• abf1dd3 Fix AuditDb test (#2707)
• cf46b64 Ignore commit_sig for aborted splice (#2709)
• 3e43611 Update dependencies (#2710)
• 47e0b83 Add quiescence negotiation (#2680)
• 4496ea7 Add more details to InvalidCommitmentSignatures (#2722)
• c7e47ba Propagate next remote commit failed htlcs upstream (#2718)
• 42249d5 Update to bitcoind 24.1 (#2711)
• ef25e32 Increase timeout for offer tests (#2725)
• 3547f87 Use bitcoin-lib 0.29 (#2708)
• 8d42052 Update kanela-agent version in starter scripts to match the version set in pom.xml (#2730)
• 841a8d9 Ignore pre-generated shutdown script when possible (#2738)
• 404e3d5 Set child splices as hints in watch-funding-spent (#2734)
• 948b4b9 Don't send splice_locked before tx_signatures (#2741)
• 148fc67 Add RPC to bump local commit fees (#2743)
• 6f87137 Delegate Bitcoin Core's private key management to Eclair (#2613)
• 4e339aa Allow specifying a bitcoin wallet with an empty name (#2737)
• 96ebbfe Limit how far we look into the blockchain (#2731)
• 59c612e Fix flaky coin selection tests (#2749)
• 55f9698 Fix tx_signatures retransmission (#2748)
• d4c502a Use bumpforceclose RPC to also bump remote commit fees (#2744)
• 70d150b Fix tests that expect network minimum feerate to be less than other rates (#2751)
• d274fc1 Allow splicing on non dual-funded channels (#2727)
• e3ba524 Improve startup resource usage (#2733)
• 3e1cc9d Update splice to handle pending committed htlcs (#2720)
• 37f3fbe Assume widely supported features (#2732)
• 5dfa0be Remove ChannelFeatures->ChannelType conversion (#2753)
• 0e4985c Poll bitcoind at startup instead of trying only once (#2739)
• a3b1f9f Handle splice with local/remote index mismatch (#2757)
• f6dbefd Add metrics on splicing (#2756)
• e199d15 Strip witness of interactive tx parents (#2755)
• e4103a2 Simplify dual-funded min-depth calculation (#2758)
• db8e0f9 Fixup! Add metrics on splicing (#2756) (#2759)
• 9ca9227 Adapt max HTLC amount to balance (#2703)
• 63a3c42 Ignore disabled edges for routing messages (#2750)
• 2879a54 Fix a flaky async payment triggerer test (#2764)
• ca3f681 Allow using outgoing channel id for onion messages (#2762)
• a3d90ad Use local dust limit in local commit fee computation (#2765)
• 5b11f76 Ignore duplicate dual-funding signatures (#2770)
• 5a37059 Fix tx_signatures ordering for splices (#2768)
• 12adf87 Abort interactive-tx during funding (#2769)
• 830335f Avoid unusable channels after a large splice (#2761)
• 35e318e Remove reserve check if splice contribution is positive (#2771)
• 73a2578 Fix wallet name in BitcoinCoreClientSpec (#2772)
• 5fa7d4b Nits (#2773)
• 0a833a5 Disable channel when closing (#2774)
• 7be7d5d Don't rebroadcast channel updates from update_fail_htlc (#2775)
• 772e2b2 Add support for sciddir_or_pubkey (#2752)
• e20b736 Add hints when features check fail (#2777)
• e73c1cf Use typed TxId (#2742)
• f0cb58a Add a txOut field to our InteractiveTxBuilder.Input interface (#2791)
• d4a498c Use bitcoinheaders.net v2 format (#2787)
• be4ed3c Update logback-classic (#2796)
• 9c4aad0 Dip into remote initiator reserve only for splices (#2797)
• eced7b9 Update bitcoin-lib (#2800)
• e05ed03 Fix some typos in CircularRebalancing documentation (#2804)
• 63a1d77 Fix typos in various comments (#2805)
• 3a49f5d FIX eclair-cli error code in case of HTTP problem (#2798)
• 61f1e1f Relay HTLC failure when inactive revoked commit confirms (#2801)
• a9b5903 Fixes for quiescence back ported from lightning-kmp (#2779)
• 3bd3d07 Send batch_size on commit_sig retransmit (#2809)
• c37df26 Add a funding fee budget (#2808)
• 5fb9fef Variable size for trampoline onion (#2810)
• e66e6d2 Trampoline to blinded (types only) (#2813)
• aae16cf Trampoline to blinded (#2811)
• 5b1c69c Add configurable threshold on maximum anchor fee (#2816)
• 3d8dc88 Abandon transactions whose ancestors have been double spent (#2818)
• b5e83a6 Add closing test reconnect with 3rd-stage txs (#2820)
• 599f9af Test bitcoind wallet behavior during mempool eviction (#2817)
• f41bd22 Asynchronously clean up obsolete HTLC info from DB (#2705)
• 62b739a fixup! Asynchronously clean up obsolete HTLC info from DB (#2705) (#2824)
• 86c4837 Relay onion messages to compact node id (#2821)
• e32044f Unlock utxos on reconnect when signatures haven't been sent (#2827)
• 0393cfc Add require_confirmed_inputs to RBF messages (#2783)
• cd4d9fd Unlock non-wallet inputs (#2828)
• 5d6a1db Skip anchor tx when remote commit has been evicted (#2830)
• 36a3c88 More fine grained support for fee diff errors (#2815)
• fd0cdf6 Allow plugins to set a dual funding contribution (#2829)
• 8723d35 Activate dual funding by default (#2825)