Open and accept zero reserve channels

[tankyleo]

Fixes #1801

[ldk-reviews-bot]

👋 Thanks for assigning @carlaKC as a reviewer!
I'll wait for their review and will help manage the review process.
Once they submit their review, I'll check if a second reviewer would be helpful.

[codecov]

Codecov Report

❌ Patch coverage is 78.79147% with 179 lines in your changes missing coverage. Please review.
✅ Project coverage is 86.14%. Comparing base (d830f10) to head (6a49cf6).

Files with missing lines	Patch %	Lines
lightning/src/ln/channel.rs	70.74%	155 Missing and 3 partials ⚠️
lightning/src/ln/channelmanager.rs	83.33%	16 Missing ⚠️
lightning/src/ln/msgs.rs	94.87%	4 Missing ⚠️
lightning/src/sign/tx_builder.rs	99.21%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4428      +/-   ##
==========================================
- Coverage   86.18%   86.14%   -0.05%     
==========================================
  Files         160      160              
  Lines      107536   108071     +535     
  Branches   107536   108071     +535     
==========================================
+ Hits        92680    93094     +414     
- Misses      12231    12353     +122     
+ Partials     2625     2624       -1     

Flag	Coverage Δ
tests	86.14% <78.79%> (-0.05%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[TheBlueMatt]

chanmon_consistency needs to be updated to have a 0-reserve channel or two (I believe we now have three channels between each pair of peers, so we can just do it on a subset of them, in fact we could have three separate channel types for better coverage).

[TheBlueMatt]

nit: If that's the only difference let's say create_channel_to_trusted_peer_0_reserve? Nice to be explicit, imo.

[TheBlueMatt]

Two questions. Shouldn't we check that if a channel has the 0-reserve feature bit and if it is fail if the user isn't accepting 0-reserve? Also why shouldn't we just set it now? I'm not sure we need to bother with a staging bit, really, honestly...

[TheBlueMatt]

Needs rebase now :/

[tankyleo]

Needs rebase now :/

Let me know if you prefer I rebase first

[TheBlueMatt]

Feel free to go ahead and rebase and squash, yea.

[tankyleo]

Squash diff (do not click compare just above, I pushed the wrong branch, and later corrected it):

https://github.com/lightningdevkit/rust-lightning/compare/253db4d9a05cda43f74c2835448126d3205b27b8..43be438f70ba28ad7918e407026a78763ac2b368

[tankyleo]

git range-diff main 43be438 7fde002

1:  bfba6e993 ! 1:  b916c3596 Add inbound and outbound checks for zero reserve channels
    @@ lightning/src/ln/channel.rs: impl FundingScope {

                // New reserve values are based on the new channel value and are v2-specific
     -          let counterparty_selected_channel_reserve_satoshis =
    --                  Some(get_v2_channel_reserve_satoshis(post_channel_value, MIN_CHAN_DUST_LIMIT_SATOSHIS));
    +-                  get_v2_channel_reserve_satoshis(post_channel_value, MIN_CHAN_DUST_LIMIT_SATOSHIS);
     -          let holder_selected_channel_reserve_satoshis = get_v2_channel_reserve_satoshis(
     -                  post_channel_value,
     -                  context.counterparty_dust_limit_satoshis,
    @@ lightning/src/ln/channel.rs: impl FundingScope {
     +                  == 0
     +          {
     +                  // If we previously had a 0-value reserve, continue with the same reserve
    -+                  Some(0)
    ++                  0
     +          } else {
    -+                  Some(get_v2_channel_reserve_satoshis(post_channel_value, MIN_CHAN_DUST_LIMIT_SATOSHIS))
    ++                  get_v2_channel_reserve_satoshis(post_channel_value, MIN_CHAN_DUST_LIMIT_SATOSHIS)
     +          };
     +          let holder_selected_channel_reserve_satoshis =
     +                  if prev_funding.holder_selected_channel_reserve_satoshis == 0 {
    @@ lightning/src/sign/tx_builder.rs: fn get_next_commitment_stats(
        );

     @@ lightning/src/sign/tx_builder.rs: fn get_available_balances(
    -   let fee_spike_buffer_htlc =
                if channel_type.supports_anchor_zero_fee_commitments() { 0 } else { 1 };

    +   // Note that the feerate is 0 in zero-fee commitment channels, so this statement is a noop
     -  let local_feerate = feerate_per_kw
     +  let spiked_feerate = feerate_per_kw
                * if is_outbound_from_holder && !channel_type.supports_anchors_zero_fee_htlc_tx() {
2:  1f8ca6c66 = 2:  53fc9a354 Add 0-reserve to `accept_inbound_channel_from_trusted_peer`
3:  1b94f7cc3 = 3:  da0520818 Add `ChannelManager::create_channel_to_trusted_peer_0reserve`
4:  19b8d7943 = 4:  1905f94e7 Shakedown zero reserve channels
5:  de2366da4 = 5:  4e6a7527a Format `ChannelManager::create_channel_internal` and...
6:  43be438f7 = 6:  7fde002e7 Update `chanmon_consistency` to include 0FC and 0-reserve channels

[ldk-reviews-bot]

✅ Added second reviewer: @joostjager

[ldk-reviews-bot]

🔔 1st Reminder

Hey @TheBlueMatt @joostjager! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[ldk-reviews-bot]

🔔 1st Reminder

Hey @TheBlueMatt @joostjager! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[ldk-reviews-bot]

🔔 2nd Reminder

Hey @TheBlueMatt @joostjager! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[ldk-reviews-bot]

🔔 3rd Reminder

Hey @TheBlueMatt @carlaKC! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[carlaKC]

First pass - haven't gone through the tests yet.

[carlaKC]

Shouldn't we be setting the option_zero_reserve feature in lightning/bolts#1140?

[tankyleo]

Discussed offline, I'll hold off on signaling for now pending further spec discussions

[ldk-claude-review-bot]

Bug: accept_0reserve is silently ignored for V2/dual-funded channels. When the code path at the V2 branch (around line 10921) calls PendingV2Channel::new_inbound, it doesn't pass accept_0reserve — that function hardcodes is_0reserve = false (channel.rs line 14373-14375).

A user calling accept_inbound_channel_from_trusted_peer(id, node, 0, false, /*accept_0reserve=*/true, None) on a V2 channel open will believe they've set up zero-reserve, but the channel will be created with a normal 1% reserve.

Either:

• Pass accept_0reserve through to PendingV2Channel::new_inbound and wire it into the reserve calculation, or
• Return an APIError::APIMisuseError when accept_0reserve == true and the channel is V2, so the caller knows their intent was not honored.

[ldk-claude-review-bot]

nit: The $trusted_accept branch calls accept_inbound_channel_from_trusted_peer with (accept_0conf=false, accept_0reserve=true), which means the zero-reserve acceptance path never exercises zero-conf. Consider also fuzzing the combination (true, true) on at least one channel to cover the zero-conf + zero-reserve interaction path that test_zero_reserve_zero_conf_combined tests.

[tankyleo]

leaving this to a follow-up to this PR

[ldk-claude-review-bot]

Bug: The signature change from bool to Option<TrustedChannelFeatures> here was not propagated to the two #[cfg(ldk_test_vectors)] test functions that call OutboundV1Channel::new:

1. outbound_commitment_test() — currently passes false (around line 17032)
2. zero_fee_commitment_test_vectors() — currently passes false (around line 17757)

Both need to be updated to pass None instead of false. This won't be caught in normal CI since the tests are gated on #[cfg(ldk_test_vectors)], but will cause a compilation failure when running test vectors.

[tankyleo]

Highlights from previous review:

• rewrite tests for readability.
• add is_0reserve: bool parameter to get_holder_selected_channel_reserve_satoshis and get_v2_channel_reserve_satoshis to prevent forgetting to handle 0-reserve channels.
• exercise force-closes with a commitment that only has a single output, itself P2A.
• use an enum to represent 0-conf, 0-reserve features instead of bools to guard against mistakes.
• add zero-reserve to the internal API of V2 channels.

The branch with fixups for these items is here https://github.com/tankyleo/rust-lightning/releases/tag/2026-03-19-zero-reserve-fixups

[ldk-claude-review-bot]

nit: Consider adding #[derive(Clone, Copy)] (or at least Copy) on this fieldless enum. While Rust allows matching without Copy on fieldless enums (it reads only the discriminant), having Copy makes the intent explicit and avoids confusion for future maintainers. It also enables patterns like let ct = chan_type; if ever needed.

[ldk-claude-review-bot]

nit: The #[rustfmt::skip] removal on new_for_inbound_channel and new_for_outbound_channel reformats ~500 lines in the diff, burying the actual semantic changes (the trusted_channel_features parameter, zero-reserve validation relaxation, and minimum_depth logic). Consider splitting the formatting into a separate commit (the last commit message mentions formatting create_channel_internal but not these two functions).

[joostjager]

I don't think it is good to build out this way of increasing coverage. If chan type is part of the fuzz bytes, the fuzzer is able to zoom in on type-specific code paths.

[tankyleo]

thanks for taking a look ! see the commit below

[joostjager]

looks good

[ldk-claude-review-bot]

The previous code ran do_test twice per fuzz input — once with anchors=false, once with anchors=true — guaranteeing every corpus entry exercised both channel type families. The new code runs do_test only once, with the channel type extracted from the fuzz input byte.

This means existing fuzz corpus entries that were evolved to cover interesting states under the two-pass model now only exercise a single channel type (determined by whatever happens to be in bits 3-4 of byte 0). Corpus entries that were valuable because they triggered anchor-specific behaviour may now be routed to the Legacy path or vice-versa, effectively discarding coverage.

Consider keeping the multi-pass structure by iterating over ChanType variants, or at minimum re-minimizing the corpus after this change.

[ldk-claude-review-bot]

create_channel_to_trusted_peer_0reserve hardcodes TrustedChannelFeatures::ZeroReserve, meaning there's no API for opening an outbound channel with both zero-conf and zero-reserve. The accept side has ZeroConfZeroReserve, but the open side has no counterpart.

This asymmetry means a user who wants to create a zero-reserve channel and also trust the counterparty for zero-conf funding (e.g., a mutual trust scenario) can't do so from the opener side. They'd need to call create_channel_internal directly, which is private.

Consider either:

• Adding a trusted_channel_features parameter to create_channel_to_trusted_peer_0reserve, or
• Adding a separate create_channel_to_trusted_peer that takes TrustedChannelFeatures directly (analogous to the accept side's API).

[carlaKC]

one more q for adjust_boundaries_if_max_dust_htlc_produces_no_output, but otherwise nothing blocking from me!

Happy for squash + rebase when others are.

[carlaKC]

If is_outbound_from_holder = false, do we need to consider fees here at all?
Because the fee wouldn't be coming off our balance.

[tankyleo]

yes ! thank you carla for catching this

[carlaKC]

Just confirming my own understanding:

• Sender side: we check has_output against our spiked_feerate, a higher feerate makes us more likely to think that a HTLC is dust, and thus more likely to think that we'll have no outputs.
• Receiver side: we check has_output against our feerate_per_kw, a lower feerate makes us less likely to think that a HTLC is dust, and thus less likely to think that we'll have no outputs.

Send conservatively / receive permissively 👌

When we receive HTLCs from other impls, we're good provided that they have checked that the HTLC will result in our having outputs at the current commitment feerate. This means we won't run into funny force close issues if they happen to have a different spiked_feerate to us (which would be odd, but could happen).

[tankyleo]

Yes overall SGTM, thanks for checking.

Note that receiver side we've got two checks: the least permissive one is at validate_update_add_hltc, which checks outputs against the current feerate_per_kw, and fails the channel in case of failure. The stricter one happens at can_accept_incoming_htlc, where we check the remote commitment against 2 * feerate_per_kw, and fail the individual HTLC in case of failure, not the full channel.

From the spec, spiked_feerate is recommended to be 2 * feerate_per_kw, so we should be in sync with other implementations.

[carlaKC]

nit: slight preference to just have a vec<TrustedChannelFeatures> rather than try express combinations in an enum, but I don't think we're likely to add more options here so non-blocking.

[tankyleo]

Hmm on the public API, I'd rather keep things as constrained as possible, which the enum does. The Vec<TrustedChannelFeatures> route is more open-ended, and hence more open to misunderstanding / misuse.

[carlaKC]

Separate commit sgtm, agree on the dust limits you've stated 👌

[carlaKC]

nit: de-dup across tests

[tankyleo]

if you don't mind, I'd like to leave it as is: requiring people to jump to a different function to understand these two tests seems harder to understand for me. My own preference is to have the test "transcript" be easy to follow down the page instead of jumping to different functions.

[tankyleo]

1. fixups: https://github.com/tankyleo/rust-lightning/releases/tag/2026-03-23-zero-reserve-fixups
   a. make chan type part of the fuzz bytes
   b. allow the fundee to spend dust HTLCs up to the exact dust limit satoshis
2. squashed (no changes from 1): https://github.com/tankyleo/rust-lightning/releases/tag/2026-03-23-zero-reserve-squashed
3. then rebase, new HEAD is now 6a49cf6