Router: account for min HTLC overpay violating another hop's max_htlc

See new test, the fuzzer found a panic in this case.

Author: valentinewallace

lightning/src/routing/router.rs

@@ -1294,6 +1294,16 @@ impl<'a> PaymentPath<'a> {
 			}
 		}
 	}
+	fn violates_max_htlc(&self) -> bool {
+		let mut hop_transferred_amount = self.get_value_msat() + self.get_total_fee_paid_msat();
+		for (hop, _) in self.hops.iter() {
+			if hop_transferred_amount > hop.candidate.effective_capacity().as_msat() {
+				return true
+			}
+			hop_transferred_amount = hop_transferred_amount.saturating_sub(hop.fee_msat);
+		}
+		false
+	}
 }
 
 #[inline(always)]
@@ -2285,6 +2295,7 @@ where L::Target: Logger {
 				debug_assert_eq!(payment_path.get_value_msat(), value_contribution_msat);
 				value_contribution_msat = cmp::min(value_contribution_msat, final_value_msat);
 				payment_path.update_value_and_recompute_fees(value_contribution_msat);
+				if payment_path.violates_max_htlc() { break 'path_construction }
 
 				// Since a path allows to transfer as much value as
 				// the smallest channel it has ("bottleneck"), we should recompute
@@ -7185,6 +7196,56 @@ mod tests {
 			assert_eq!(err, "Failed to find a path to the given destination");
 		} else { panic!() }
 	}
+
+	#[test]
+	fn min_htlc_overpay_violates_max_htlc() {
+		// Test that if overpaying to meet a later hop's min_htlc and causes us to violate an earlier
+		// hop's max_htlc, we discard that invalid path. Previously we would consider the path to be
+		// valid and hit a debug panic asserting that the used liquidity for a hop was less than its
+		// available liquidity limit.
+		let secp_ctx = Secp256k1::new();
+		let logger = Arc::new(ln_test_utils::TestLogger::new());
+		let network_graph = Arc::new(NetworkGraph::new(Network::Testnet, Arc::clone(&logger)));
+		let scorer = ln_test_utils::TestScorer::new();
+		let keys_manager = ln_test_utils::TestKeysInterface::new(&[0u8; 32], Network::Testnet);
+		let random_seed_bytes = keys_manager.get_secure_random_bytes();
+		let config = UserConfig::default();
+
+		// Values are taken from the fuzz input that uncovered this panic.
+		let amt_msat = 7_4009_8048;
+		let (_, our_id, _, nodes) = get_nodes(&secp_ctx);
+		let first_hop_outbound_capacity = 2_7345_2000;
+		let first_hops = vec![get_channel_details(
+			Some(200), nodes[0], channelmanager::provided_init_features(&config),
+			first_hop_outbound_capacity
+		)];
+
+		let route_hint = RouteHint(vec![RouteHintHop {
+			src_node_id: nodes[0],
+			short_channel_id: 44,
+			fees: RoutingFees {
+				base_msat: 1_6778_3453,
+				proportional_millionths: 0,
+			},
+			cltv_expiry_delta: 10,
+			htlc_minimum_msat: Some(2_5165_8240),
+			htlc_maximum_msat: Some(251_6582_4000),
+		}]);
+
+		let payment_params = PaymentParameters::from_node_id(nodes[1], 42)
+			.with_route_hints(vec![route_hint]).unwrap()
+			.with_bolt11_features(channelmanager::provided_invoice_features(&config)).unwrap();
+
+		let netgraph = network_graph.read_only();
+		let route_params = RouteParameters::from_payment_params_and_value(
+			payment_params, amt_msat);
+		if let Err(LightningError { err, .. }) = get_route(
+			&our_id, &route_params, &netgraph, Some(&first_hops.iter().collect::<Vec<_>>()),
+			Arc::clone(&logger), &scorer, &(), &random_seed_bytes
+		) {
+			assert_eq!(err, "Failed to find a path to the given destination");
+		} else { panic!() }
+	}
 }
 
 #[cfg(all(any(test, ldk_bench), not(feature = "no-std")))]