Open and accept zero reserve channels

[tankyleo]

Fixes #1801

[ldk-reviews-bot]

👋 Thanks for assigning @carlaKC as a reviewer!
I'll wait for their review and will help manage the review process.
Once they submit their review, I'll check if a second reviewer would be helpful.

[codecov]

Codecov Report

❌ Patch coverage is 78.74818% with 146 lines in your changes missing coverage. Please review.
✅ Project coverage is 85.91%. Comparing base (14e522f) to head (5fa3a7c).
⚠️ Report is 25 commits behind head on main.

Files with missing lines	Patch %	Lines
lightning/src/ln/channel.rs	70.64%	121 Missing and 2 partials ⚠️
lightning/src/ln/channelmanager.rs	81.70%	15 Missing ⚠️
lightning/src/ln/functional_test_utils.rs	94.33%	6 Missing ⚠️
lightning/src/sign/tx_builder.rs	97.46%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4428      +/-   ##
==========================================
- Coverage   85.94%   85.91%   -0.03%     
==========================================
  Files         159      159              
  Lines      104644   105103     +459     
  Branches   104644   105103     +459     
==========================================
+ Hits        89934    90298     +364     
- Misses      12204    12300      +96     
+ Partials     2506     2505       -1     

Flag	Coverage Δ
tests	85.91% <78.74%> (-0.03%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[TheBlueMatt]

chanmon_consistency needs to be updated to have a 0-reserve channel or two (I believe we now have three channels between each pair of peers, so we can just do it on a subset of them, in fact we could have three separate channel types for better coverage).

[TheBlueMatt]

nit: If that's the only difference let's say create_channel_to_trusted_peer_0_reserve? Nice to be explicit, imo.

[TheBlueMatt]

Two questions. Shouldn't we check that if a channel has the 0-reserve feature bit and if it is fail if the user isn't accepting 0-reserve? Also why shouldn't we just set it now? I'm not sure we need to bother with a staging bit, really, honestly...

[TheBlueMatt]

Needs rebase now :/

[tankyleo]

Needs rebase now :/

Let me know if you prefer I rebase first

[TheBlueMatt]

Feel free to go ahead and rebase and squash, yea.

[tankyleo]

Squash diff (do not click compare just above, I pushed the wrong branch, and later corrected it):

https://github.com/lightningdevkit/rust-lightning/compare/253db4d9a05cda43f74c2835448126d3205b27b8..43be438f70ba28ad7918e407026a78763ac2b368

[tankyleo]

git range-diff main 43be438 7fde002

1:  bfba6e993 ! 1:  b916c3596 Add inbound and outbound checks for zero reserve channels
    @@ lightning/src/ln/channel.rs: impl FundingScope {

                // New reserve values are based on the new channel value and are v2-specific
     -          let counterparty_selected_channel_reserve_satoshis =
    --                  Some(get_v2_channel_reserve_satoshis(post_channel_value, MIN_CHAN_DUST_LIMIT_SATOSHIS));
    +-                  get_v2_channel_reserve_satoshis(post_channel_value, MIN_CHAN_DUST_LIMIT_SATOSHIS);
     -          let holder_selected_channel_reserve_satoshis = get_v2_channel_reserve_satoshis(
     -                  post_channel_value,
     -                  context.counterparty_dust_limit_satoshis,
    @@ lightning/src/ln/channel.rs: impl FundingScope {
     +                  == 0
     +          {
     +                  // If we previously had a 0-value reserve, continue with the same reserve
    -+                  Some(0)
    ++                  0
     +          } else {
    -+                  Some(get_v2_channel_reserve_satoshis(post_channel_value, MIN_CHAN_DUST_LIMIT_SATOSHIS))
    ++                  get_v2_channel_reserve_satoshis(post_channel_value, MIN_CHAN_DUST_LIMIT_SATOSHIS)
     +          };
     +          let holder_selected_channel_reserve_satoshis =
     +                  if prev_funding.holder_selected_channel_reserve_satoshis == 0 {
    @@ lightning/src/sign/tx_builder.rs: fn get_next_commitment_stats(
        );

     @@ lightning/src/sign/tx_builder.rs: fn get_available_balances(
    -   let fee_spike_buffer_htlc =
                if channel_type.supports_anchor_zero_fee_commitments() { 0 } else { 1 };

    +   // Note that the feerate is 0 in zero-fee commitment channels, so this statement is a noop
     -  let local_feerate = feerate_per_kw
     +  let spiked_feerate = feerate_per_kw
                * if is_outbound_from_holder && !channel_type.supports_anchors_zero_fee_htlc_tx() {
2:  1f8ca6c66 = 2:  53fc9a354 Add 0-reserve to `accept_inbound_channel_from_trusted_peer`
3:  1b94f7cc3 = 3:  da0520818 Add `ChannelManager::create_channel_to_trusted_peer_0reserve`
4:  19b8d7943 = 4:  1905f94e7 Shakedown zero reserve channels
5:  de2366da4 = 5:  4e6a7527a Format `ChannelManager::create_channel_internal` and...
6:  43be438f7 = 6:  7fde002e7 Update `chanmon_consistency` to include 0FC and 0-reserve channels

[ldk-reviews-bot]

✅ Added second reviewer: @joostjager

[ldk-reviews-bot]

🔔 1st Reminder

Hey @TheBlueMatt @joostjager! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[ldk-reviews-bot]

🔔 1st Reminder

Hey @TheBlueMatt @joostjager! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[ldk-reviews-bot]

🔔 2nd Reminder

Hey @TheBlueMatt @joostjager! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[ldk-reviews-bot]

🔔 3rd Reminder

Hey @TheBlueMatt @carlaKC! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[carlaKC]

First pass - haven't gone through the tests yet.

[carlaKC]

Can we re-use check_no_outputs here? Could also return early if we don't need any action.

We'd need to change it to a saturating_sub, but I think that's okay because we have a checked_sub check of our balances on 321 after calling check_no_outputs anyway?

[tankyleo]

done below thank you !

[carlaKC]

Comment for (1) says "at the spiked feerate" but isn't tx_fee_sat is just our current feerate?

A more descriptive name would be helpful here (if you can thing of something less gross than max_output_preserving_fee?).

[tankyleo]

Comment for (1) says "at the spiked feerate" but isn't tx_fee_sat is just our current feerate?

See the callsites of the function; we always use the spiked_feerate as the feerate_per_kw parameter. I admit this is confusing, should I rename the function parameter to spiked_feerate ?

A more descriptive name would be helpful here (if you can thing of something less gross than max_output_preserving_fee?).

How is current_spiked_tx_fee_sat ? It would be consistent with the spiked_feerate style. With max_output_preserving_fee you want to highlight that we want to maintain an output on the commitment transaction even with a 2x increase in the feerate ?

[tankyleo]

went ahead with both variable renames below

[carlaKC]

Shouldn't we be setting the option_zero_reserve feature in lightning/bolts#1140?

[tankyleo]

Discussed offline, I'll hold off on signaling for now pending further spec discussions

[ldk-reviews-bot]

🔔 4th Reminder

Hey @TheBlueMatt @carlaKC! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[TheBlueMatt]

Needs rebase already :/

[ldk-claude-review-bot]

The comment says "If we previously had a 0-value reserve" but counterparty_selected_channel_reserve_satoshis is the reserve selected by the counterparty for us (i.e., the amount we must keep). If this was 0, it means the counterparty previously didn't require us to hold any reserve — not that "we had a 0-value reserve" in general. The comment is technically correct but could be clearer: e.g., "If the counterparty previously set our reserve to 0, continue with the same reserve."

Similarly, line 2801's comment says "If the counterparty previously had a 0-value reserve" for holder_selected_channel_reserve_satoshis — this is the reserve we selected for the counterparty. The phrasing is correct but could match the field semantics more precisely.

[ldk-claude-review-bot]

[ldk-reviews-bot]

🔔 1st Reminder

Hey @TheBlueMatt @carlaKC! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[ldk-reviews-bot]

🔔 5th Reminder

Hey @TheBlueMatt @carlaKC! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[carlaKC]

Went through the tx_builder changes together IRL, those lgtm.

Just one q on v2 and a few comments on breaking up the tests for readability.

[carlaKC]

(first time I posted this I think it got lost in the depths of GH).

Can we live without some of these helpers, because this accept step is the only one where we need to take a custom action?

Will add a few lines in do_test_accept_inbound_channel_from_trusted_peer_0reserve but the others are unaffected?

[tankyleo]

done below thank you

[carlaKC]

Can we pull these asserts out of the channel type branching? If we use the correct fee rate / anchor values for each different type (eg, zero for 0FC) then they're the same?

[tankyleo]

See the fixups below, let me know if the test now reads better. I made some overall cleanups to help with readability.

[carlaKC]

Same here I think? Asserts are common for sender_amount_msat, we may just sometimes have zero anchors/fees somtimes.

[tankyleo]

See the fixups below, as described above, I made a bigger reorg of the tests.

[carlaKC]

We've switched the dust limits used to floor channel reserve here - I think the counterparty's reserve should use the common_fields.dust_limit_satoshi and we should use MIN_CHAN_DUST_LIMIT_SATOSHIS for holder?

[tankyleo]

We've switched the dust limits used to floor channel reserve here

Yes claude's review has been screaming at me asking for a separate commit, will do this if you are good too.

I think the counterparty's reserve should use the common_fields.dust_limit_satoshis

The counterparty's reserve / holder_selected_channel_reserve_satoshis, should not be smaller than the counterparty's dust limit, msg.common_fields.dust_limit_satoshis here.

we should use MIN_CHAN_DUST_LIMIT_SATOSHIS for holder?

The holder's reserve / counterparty_selected_channel_reserve_satoshis, should not me smaller than the holder's dust limit, MIN_CHAN_DUST_LIMIT_SATOSHIS here.

Let me know if we agree, I believe the current diff is correct.

[carlaKC]

Nice changes here 👌

[carlaKC]

PaymentSucceeds is the only test case that's common to all of our channel types, and FailsReceiverUpdateAddHTLC has its own branch within the failure case here.

Wondering if these can be separated into different handlers with common setup to improve readability? Would also save our needing to check the channel type / NoOutputs combination above - just assert that ReceiverCanAcceptA/B is only running on static_remote_key, for example.

[tankyleo]

See the fixups below, these would all get squashed into the test commit.

[ldk-claude-review-bot]

Bug: FundingScope::new_for_splice preserves zero reserves from the previous funding, but validate_splice_contributions (line 12303) always recalculates reserves using get_v2_channel_reserve_satoshis(post_channel_value, ...), which never returns 0. This means splice validation is stricter than the actual reserve for zero-reserve channels.

Concrete scenario: if a zero-reserve channel party has a post-splice balance less than the standard v2 reserve (e.g., 500 sats when the v2 reserve calculates to 546+), the splice will be rejected at validation time, even though the actual post-splice FundingScope would have reserve=0 and the splice would be valid.

validate_splice_contributions should check the previous funding's reserve values and propagate zero reserves the same way new_for_splice does.

[ldk-claude-review-bot]

nit: Two adjacent bool parameters (accept_0conf, accept_0reserve) are easy to swap accidentally at call sites. Consider a small builder/options struct or at minimum adding // accept_0conf, accept_0reserve comments at every call site. Several existing call sites (e.g., chanmon_update_fail_tests.rs:3239) already read 0, true, false, None which is not self-documenting.

[ldk-claude-review-bot]

Bug: accept_0reserve is silently ignored for V2/dual-funded channels. When the code path at the V2 branch (around line 10921) calls PendingV2Channel::new_inbound, it doesn't pass accept_0reserve — that function hardcodes is_0reserve = false (channel.rs line 14373-14375).

A user calling accept_inbound_channel_from_trusted_peer(id, node, 0, false, /*accept_0reserve=*/true, None) on a V2 channel open will believe they've set up zero-reserve, but the channel will be created with a normal 1% reserve.

Either:

• Pass accept_0reserve through to PendingV2Channel::new_inbound and wire it into the reserve calculation, or
• Return an APIError::APIMisuseError when accept_0reserve == true and the channel is V2, so the caller knows their intent was not honored.

[ldk-claude-review-bot]

nit: The $trusted_accept branch calls accept_inbound_channel_from_trusted_peer with (accept_0conf=false, accept_0reserve=true), which means the zero-reserve acceptance path never exercises zero-conf. Consider also fuzzing the combination (true, true) on at least one channel to cover the zero-conf + zero-reserve interaction path that test_zero_reserve_zero_conf_combined tests.

[tankyleo]

leaving this to a follow-up to this PR

[ldk-claude-review-bot]

Bug: The signature change from bool to Option<TrustedChannelFeatures> here was not propagated to the two #[cfg(ldk_test_vectors)] test functions that call OutboundV1Channel::new:

1. outbound_commitment_test() — currently passes false (around line 17032)
2. zero_fee_commitment_test_vectors() — currently passes false (around line 17757)

Both need to be updated to pass None instead of false. This won't be caught in normal CI since the tests are gated on #[cfg(ldk_test_vectors)], but will cause a compilation failure when running test vectors.

[tankyleo]

Highlights from previous review:

• rewrite tests for readability.
• add is_0reserve: bool parameter to get_holder_selected_channel_reserve_satoshis and get_v2_channel_reserve_satoshis to prevent forgetting to handle 0-reserve channels.
• exercise force-closes with a commitment that only has a single output, itself P2A.
• use an enum to represent 0-conf, 0-reserve features instead of bools to guard against mistakes.
• add zero-reserve to the internal API of V2 channels.

The branch with fixups for these items is here https://github.com/tankyleo/rust-lightning/releases/tag/2026-03-19-zero-reserve-fixups

[ldk-claude-review-bot]

nit: Consider adding #[derive(Clone, Copy)] (or at least Copy) on this fieldless enum. While Rust allows matching without Copy on fieldless enums (it reads only the discriminant), having Copy makes the intent explicit and avoids confusion for future maintainers. It also enables patterns like let ct = chan_type; if ever needed.

[ldk-claude-review-bot]

nit: The #[rustfmt::skip] removal on new_for_inbound_channel and new_for_outbound_channel reformats ~500 lines in the diff, burying the actual semantic changes (the trusted_channel_features parameter, zero-reserve validation relaxation, and minimum_depth logic). Consider splitting the formatting into a separate commit (the last commit message mentions formatting create_channel_internal but not these two functions).

[joostjager]

I don't think it is good to build out this way of increasing coverage. If chan type is part of the fuzz bytes, the fuzzer is able to zoom in on type-specific code paths.