Introduce RenegotiatedFundingLocked monitor update variant

This is a new `ChannelMonitorUpdateStep` variant intended to be used
whenever a new funding transaction that was negotiated and applied via
the `RenegotiatedFunding` update reaches its intended confirmation depth
and both sides of the channel exchange `channel_ready`/`splice_locked`.
This commit primarily focuses on its use for splices, but future work
will expand where needed to support RBFs for a dual funded channel.

This monitor update ensures that the monitor can safely drop all prior
commitment data since it is now considered invalid/unnecessary. Once the
update is applied, only state for the new funding transaction is tracked
going forward, until the monitor receives another `RenegotiatedFunding`
update.

Author: wpaulino

lightning/src/chain/channelmonitor.rs

@@ -676,6 +676,9 @@ pub(crate) enum ChannelMonitorUpdateStep {
 		holder_commitment_tx: HolderCommitmentTransaction,
 		counterparty_commitment_tx: CommitmentTransaction,
 	},
+	RenegotiatedFundingLocked {
+		funding_txid: Txid,
+	},
 }
 
 impl ChannelMonitorUpdateStep {
@@ -690,6 +693,7 @@ impl ChannelMonitorUpdateStep {
 			ChannelMonitorUpdateStep::ChannelForceClosed { .. } => "ChannelForceClosed",
 			ChannelMonitorUpdateStep::ShutdownScript { .. } => "ShutdownScript",
 			ChannelMonitorUpdateStep::RenegotiatedFunding { .. } => "RenegotiatedFunding",
+			ChannelMonitorUpdateStep::RenegotiatedFundingLocked { .. } => "RenegotiatedFundingLocked",
 		}
 	}
 }
@@ -733,6 +737,9 @@ impl_writeable_tlv_based_enum_upgradable!(ChannelMonitorUpdateStep,
 		(3, holder_commitment_tx, required),
 		(5, counterparty_commitment_tx, required),
 	},
+	(12, RenegotiatedFundingLocked) => {
+		(1, funding_txid, required),
+	},
 );
 
 /// Indicates whether the balance is derived from a cooperative close, a force-close
@@ -1075,6 +1082,10 @@ impl FundingScope {
 	fn funding_txid(&self) -> Txid {
 		self.funding_outpoint().txid
 	}
+
+	fn is_splice(&self) -> bool {
+		self.channel_parameters.splice_parent_funding_txid.is_some()
+	}
 }
 
 impl Writeable for FundingScope {
@@ -1209,8 +1220,6 @@ pub(crate) struct ChannelMonitorImpl<Signer: EcdsaChannelSigner> {
 	// interface knows about the TXOs that we want to be notified of spends of. We could probably
 	// be smart and derive them from the above storage fields, but its much simpler and more
 	// Obviously Correct (tm) if we just keep track of them explicitly.
-	//
-	// TODO: Remove entries for stale funding transactions on `splice_locked`.
 	outputs_to_watch: HashMap<Txid, Vec<(u32, ScriptBuf)>>,
 
 	#[cfg(any(test, feature = "_test_utils"))]
@@ -3670,6 +3679,10 @@ impl<Signer: EcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 				);
 				return Err(());
 			}
+		} else if self.funding.is_splice() {
+			// If we've already spliced at least once, we're no longer able to RBF the original
+			// funding transaction.
+			return Err(());
 		}
 
 		self.outputs_to_watch.insert(
@@ -3681,6 +3694,39 @@ impl<Signer: EcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 		Ok(())
 	}
 
+	fn promote_funding(&mut self, new_funding_txid: Txid) -> Result<(), ()> {
+		let is_pending_splice = self.pending_funding.iter().any(|funding| funding.is_splice());
+
+		let new_funding = self
+			.pending_funding
+			.iter_mut()
+			.find(|funding| funding.funding_txid() == new_funding_txid);
+		if new_funding.is_none() {
+			return Err(());
+		}
+		let mut new_funding = new_funding.unwrap();
+
+		// `first_confirmed_funding_txo` is set to the first outpoint for the channel upon init.
+		// If an RBF happens and it confirms, this will no longer be accurate, so update it now
+		// if we know the RBF doesn't belong to a splice.
+		if !is_pending_splice && self.first_confirmed_funding_txo == self.funding.funding_outpoint()
+		{
+			self.first_confirmed_funding_txo = new_funding.funding_outpoint();
+		}
+
+		mem::swap(&mut self.funding, &mut new_funding);
+		self.onchain_tx_handler.update_after_renegotiated_funding_locked(
+			self.funding.current_holder_commitment_tx.clone(),
+			self.funding.prev_holder_commitment_tx.clone(),
+		);
+
+		for funding in self.pending_funding.drain(..) {
+			self.outputs_to_watch.remove(&funding.funding_txid());
+		}
+
+		Ok(())
+	}
+
 	#[rustfmt::skip]
 	fn update_monitor<B: Deref, F: Deref, L: Deref>(
 		&mut self, updates: &ChannelMonitorUpdate, broadcaster: &B, fee_estimator: &F, logger: &WithChannelMonitor<L>
@@ -3771,6 +3817,13 @@ impl<Signer: EcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 						ret = Err(());
 					}
 				},
+				ChannelMonitorUpdateStep::RenegotiatedFundingLocked { funding_txid } => {
+					log_trace!(logger, "Updating ChannelMonitor with locked renegotiated funding txid {}", funding_txid);
+					if let Err(_) = self.promote_funding(*funding_txid) {
+						log_error!(logger, "Unknown funding with txid {} became locked", funding_txid);
+						ret = Err(());
+					}
+				},
 				ChannelMonitorUpdateStep::ChannelForceClosed { should_broadcast } => {
 					log_trace!(logger, "Updating ChannelMonitor: channel force closed, should broadcast: {}", should_broadcast);
 					self.lockdown_from_offchain = true;
@@ -3823,7 +3876,8 @@ impl<Signer: EcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 					|ChannelMonitorUpdateStep::LatestCounterpartyCommitmentTX { .. }
 					|ChannelMonitorUpdateStep::ShutdownScript { .. }
 					|ChannelMonitorUpdateStep::CommitmentSecret { .. }
-					|ChannelMonitorUpdateStep::RenegotiatedFunding { .. } =>
+					|ChannelMonitorUpdateStep::RenegotiatedFunding { .. }
+					|ChannelMonitorUpdateStep::RenegotiatedFundingLocked { .. } =>
 						is_pre_close_update = true,
 				// After a channel is closed, we don't communicate with our peer about it, so the
 				// only things we will update is getting a new preimage (from a different channel)

lightning/src/chain/onchaintx.rs

@@ -1216,6 +1216,15 @@ impl<ChannelSigner: EcdsaChannelSigner> OnchainTxHandler<ChannelSigner> {
 		self.prev_holder_commitment = Some(replace(&mut self.holder_commitment, tx));
 	}
 
+	/// Replaces the current/prev holder commitment transactions spending the currently confirmed
+	/// funding outpoint with those spending the new funding outpoint.
+	pub(crate) fn update_after_renegotiated_funding_locked(
+		&mut self, current: HolderCommitmentTransaction, prev: Option<HolderCommitmentTransaction>,
+	) {
+		self.holder_commitment = current;
+		self.prev_holder_commitment = prev;
+	}
+
 	// Deprecated as of 0.2, only use in cases where it was not previously available.
 	pub(crate) fn channel_parameters(&self) -> &ChannelTransactionParameters {
 		&self.channel_transaction_parameters