Periodically rebroadcast unconfirmed funding and splice transactions

ChannelManager broadcast channel funding and splice transactions
exactly once, at signing. If the broadcast was lost -- peer drop,
wallet restart, mempool eviction, low fee race -- nothing resent the
transaction, and the channel could stall waiting for a confirmation
that would never come. The BroadcasterInterface doc already promised
LDK would rebroadcast transactions that hadn't made it into a block;
this makes that accurate for funding and splice.

Each timer tick re-emits every channel's unconfirmed funding or splice
transaction through the existing broadcaster, stopping once the
on-chain confirmation height is set. The behavior self-heals on reorg,
since the confirmation height resets to zero there. For V1 batch
funding, per-tick deduping by txid merges each channel's
single-element TransactionType::Funding list into one broadcast call
naming every participating channel.

Includes a failing test documenting a known zero-conf issue: a splice
can be promoted before its tx confirms, after which the rebroadcast
emits TransactionType::Funding instead of TransactionType::Splice.
The fix is pending team feedback.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: jkczyz

lightning/src/ln/channel.rs

@@ -3159,6 +3159,15 @@ impl PendingFunding {
 			},
 		}
 	}
+
+	/// Returns the txid of the prior negotiated candidate that the latest one replaces, or
+	/// `None` for the first splice attempt (when there is no prior candidate).
+	fn last_replaced_txid(&self) -> Option<Txid> {
+		self.negotiated_candidates
+			.len()
+			.checked_sub(2)
+			.and_then(|idx| self.negotiated_candidates[idx].get_funding_txid())
+	}
 }
 
 #[derive(Debug)]
@@ -7201,6 +7210,79 @@ where
 		)
 	}
 
+	/// Returns the funding or splice transaction that should be rebroadcast because it has
+	/// not yet confirmed. Intended to be called periodically (e.g., from
+	/// [`ChannelManager::timer_tick_occurred`]).
+	///
+	/// Returns `None` when no rebroadcast is needed — the initial batch broadcast has not
+	/// happened yet, the relevant transaction is already confirmed, or (for the initial
+	/// funding only) the user is responsible for broadcasting
+	/// ([`ChannelContext::is_manual_broadcast`]). Splice rebroadcasts are not suppressed
+	/// by `is_manual_broadcast`: that flag applies to the initial V1 funding, while splice
+	/// transactions are always broadcast by LDK via the V2 interactive funding flow
+	/// regardless of how the initial channel was opened.
+	///
+	/// The initial-funding and splice branches are mutually exclusive: a splice can only
+	/// be initiated when the channel is [`ChannelState::ChannelReady`], which requires the
+	/// initial funding to have confirmed. If both somehow apply (e.g., a deep reorg
+	/// unconfirming a channel-ready channel with a pending splice), the initial funding
+	/// takes precedence, since the splice tx spends the initial-funding output and cannot
+	/// confirm without it.
+	///
+	/// [`ChannelManager::timer_tick_occurred`]: super::channelmanager::ChannelManager::timer_tick_occurred
+	pub(super) fn unconfirmed_funding_broadcast(&self) -> Option<(Transaction, TransactionType)> {
+		// Initial funding: rebroadcast while unconfirmed, as long as the initial batch
+		// broadcast has actually happened (i.e., WAITING_FOR_BATCH is clear) and the user
+		// isn't responsible for broadcasting.
+		let waiting_for_batch = matches!(
+			self.context.channel_state,
+			ChannelState::AwaitingChannelReady(flags) if flags.is_waiting_for_batch(),
+		);
+		if !self.context.is_manual_broadcast
+			&& !waiting_for_batch
+			&& self.funding.get_funding_tx_confirmation_height().is_none()
+		{
+			if let Some(tx) = &self.funding.funding_transaction {
+				return Some((
+					tx.clone(),
+					TransactionType::Funding {
+						channels: vec![(
+							self.context.counterparty_node_id,
+							self.context.channel_id,
+						)],
+					},
+				));
+			}
+		}
+
+		// Splice: rebroadcast the latest RBF candidate while unconfirmed. Mempool only
+		// admits one of the RBF siblings at a time (shared inputs), and the latest is the
+		// highest-feerate candidate by construction.
+		if let Some(pending) = &self.pending_splice {
+			let any_candidate_confirmed = pending
+				.negotiated_candidates
+				.iter()
+				.any(|f| f.get_funding_tx_confirmation_height().is_some());
+			if !any_candidate_confirmed {
+				if let Some(last_candidate) = pending.negotiated_candidates.last() {
+					if let Some(tx) = &last_candidate.funding_transaction {
+						return Some((
+							tx.clone(),
+							TransactionType::Splice {
+								counterparty_node_id: self.context.counterparty_node_id,
+								channel_id: self.context.channel_id,
+								contribution: pending.contributions.last().cloned(),
+								replaced_txid: pending.last_replaced_txid(),
+							},
+						));
+					}
+				}
+			}
+		}
+
+		None
+	}
+
 	fn has_pending_splice_awaiting_signatures(&self) -> bool {
 		self.pending_splice
 			.as_ref()
@@ -9358,16 +9440,11 @@ where
 					);
 				}
 
-				let replaced_txid =
-					pending_splice.negotiated_candidates.len().checked_sub(2).and_then(|idx| {
-						pending_splice.negotiated_candidates[idx].get_funding_txid()
-					});
-				let contribution = pending_splice.contributions.last().cloned();
 				let tx_type = TransactionType::Splice {
 					counterparty_node_id: self.context.counterparty_node_id,
 					channel_id: self.context.channel_id,
-					contribution,
-					replaced_txid,
+					contribution: pending_splice.contributions.last().cloned(),
+					replaced_txid: pending_splice.last_replaced_txid(),
 				};
 				funding_tx_signed.funding_tx = Some((funding_tx, tx_type));
 				funding_tx_signed.splice_negotiated = Some(splice_negotiated);

lightning/src/ln/channel_open_tests.rs

@@ -9,7 +9,7 @@
 
 //! Tests that test the channel open process.
 
-use crate::chain::chaininterface::LowerBoundedFeeEstimator;
+use crate::chain::chaininterface::{LowerBoundedFeeEstimator, TransactionType};
 use crate::chain::channelmonitor::{self, ChannelMonitorUpdateStep};
 use crate::chain::transaction::OutPoint;
 use crate::chain::{self, ChannelMonitorUpdateStatus};
@@ -2231,6 +2231,173 @@ pub fn test_batch_funding_close_after_funding_signed() {
 	assert!(nodes[0].node.list_channels().is_empty());
 }
 
+#[xtest(feature = "_externalize_tests")]
+pub fn test_funding_tx_rebroadcast() {
+	// Tests that `ChannelManager::timer_tick_occurred` periodically rebroadcasts an unconfirmed
+	// funding transaction, and that rebroadcasting stops once the transaction has been confirmed.
+	let chanmon_cfgs = create_chanmon_cfgs(2);
+	let node_cfgs = create_node_cfgs(2, &chanmon_cfgs);
+	let node_chanmgrs = create_node_chanmgrs(2, &node_cfgs, &[None, None]);
+	let nodes = create_network(2, &node_cfgs, &node_chanmgrs);
+
+	let node_b_id = nodes[1].node.get_our_node_id();
+
+	// Open a channel without confirming. `sign_funding_transaction` verifies the initial
+	// broadcast happened and clears the broadcaster, so the queue is empty from here on.
+	let tx = create_chan_between_nodes_with_value_init(&nodes[0], &nodes[1], 100_000, 10_000);
+	let funding_txo = OutPoint { txid: tx.compute_txid(), index: 0 };
+	let channel_id = ChannelId::v1_from_funding_outpoint(funding_txo);
+	assert!(nodes[0].tx_broadcaster.txn_broadcast().is_empty());
+
+	// The next timer tick should rebroadcast the funding transaction because it hasn't
+	// confirmed yet.
+	nodes[0].node.timer_tick_occurred();
+	let rebroadcast = nodes[0].tx_broadcaster.txn_broadcast_with_types();
+	assert_eq!(rebroadcast.len(), 1);
+	assert_eq!(rebroadcast[0].0, tx);
+	match &rebroadcast[0].1 {
+		TransactionType::Funding { channels } => {
+			assert_eq!(channels.as_slice(), &[(node_b_id, channel_id)]);
+		},
+		other => panic!("Expected Funding, got {:?}", other),
+	}
+
+	// The V1 acceptor does not have the funding transaction and must not rebroadcast.
+	nodes[1].node.timer_tick_occurred();
+	assert!(nodes[1].tx_broadcaster.txn_broadcast().is_empty());
+
+	// A subsequent tick before confirmation still rebroadcasts.
+	nodes[0].node.timer_tick_occurred();
+	assert_eq!(nodes[0].tx_broadcaster.txn_broadcast().len(), 1);
+
+	// Once the funding tx confirms, timer_tick_occurred should no longer rebroadcast.
+	mine_transaction(&nodes[0], &tx);
+	nodes[0].tx_broadcaster.clear();
+	nodes[0].node.timer_tick_occurred();
+	assert!(
+		nodes[0].tx_broadcaster.txn_broadcast().is_empty(),
+		"Should not rebroadcast after confirmation",
+	);
+}
+
+#[xtest(feature = "_externalize_tests")]
+pub fn test_funding_tx_rebroadcast_skipped_for_manual_broadcast() {
+	// Tests that `ChannelManager::timer_tick_occurred` does not rebroadcast the funding
+	// transaction when the user is responsible for broadcasting it
+	// (i.e., `ChannelContext::is_manual_broadcast`).
+	let mut cfg = UserConfig::default();
+	cfg.channel_handshake_config.minimum_depth = 1;
+	let chanmon_cfgs = create_chanmon_cfgs(2);
+	let node_cfgs = create_node_cfgs(2, &chanmon_cfgs);
+	let node_chanmgrs = create_node_chanmgrs(2, &node_cfgs, &[Some(cfg.clone()), Some(cfg)]);
+	let nodes = create_network(2, &node_cfgs, &node_chanmgrs);
+
+	let node_a_id = nodes[0].node.get_our_node_id();
+	let node_b_id = nodes[1].node.get_our_node_id();
+
+	assert!(nodes[0].node.create_channel(node_b_id, 100_000, 0, 42, None, None).is_ok());
+	let open_channel = get_event_msg!(nodes[0], MessageSendEvent::SendOpenChannel, node_b_id);
+	handle_and_accept_open_channel(&nodes[1], node_a_id, &open_channel);
+
+	let accept_channel = get_event_msg!(nodes[1], MessageSendEvent::SendAcceptChannel, node_a_id);
+	nodes[0].node.handle_accept_channel(node_b_id, &accept_channel);
+	let (temp_channel_id, _tx, funding_outpoint) =
+		create_funding_transaction(&nodes[0], &node_b_id, 100_000, 42);
+	nodes[0]
+		.node
+		.unsafe_manual_funding_transaction_generated(temp_channel_id, node_b_id, funding_outpoint)
+		.unwrap();
+	check_added_monitors(&nodes[0], 0);
+
+	let funding_created = get_event_msg!(nodes[0], MessageSendEvent::SendFundingCreated, node_b_id);
+	nodes[1].node.handle_funding_created(node_a_id, &funding_created);
+	check_added_monitors(&nodes[1], 1);
+	expect_channel_pending_event(&nodes[1], &node_a_id);
+
+	let funding_signed = get_event_msg!(nodes[1], MessageSendEvent::SendFundingSigned, node_a_id);
+	nodes[0].node.handle_funding_signed(node_b_id, &funding_signed);
+	check_added_monitors(&nodes[0], 1);
+	let _ = nodes[0].node.get_and_clear_pending_events();
+
+	// Only a FundingTxBroadcastSafe event was emitted; the broadcaster was never invoked.
+	assert!(nodes[0].tx_broadcaster.txn_broadcast().is_empty());
+
+	// A timer tick must not kick off a broadcast either — the user owns the funding tx.
+	nodes[0].node.timer_tick_occurred();
+	assert!(nodes[0].tx_broadcaster.txn_broadcast().is_empty());
+}
+
+#[xtest(feature = "_externalize_tests")]
+pub fn test_batch_funding_rebroadcast_dedupe() {
+	// Tests that when a batch funding transaction opens multiple channels, a timer-driven
+	// rebroadcast emits the transaction exactly once, with all funded channels merged into the
+	// `TransactionType::Funding { channels }` list.
+	let chanmon_cfgs = create_chanmon_cfgs(3);
+	let node_cfgs = create_node_cfgs(3, &chanmon_cfgs);
+	let node_chanmgrs = create_node_chanmgrs(3, &node_cfgs, &[None, None, None]);
+	let nodes = create_network(3, &node_cfgs, &node_chanmgrs);
+
+	let node_a_id = nodes[0].node.get_our_node_id();
+	let node_b_id = nodes[1].node.get_our_node_id();
+	let node_c_id = nodes[2].node.get_our_node_id();
+
+	let (tx, funding_created_msgs) = create_batch_channel_funding(
+		&nodes[0],
+		&[(&nodes[1], 100_000, 0, 42, None), (&nodes[2], 200_000, 0, 43, None)],
+	);
+
+	nodes[1].node.handle_funding_created(node_a_id, &funding_created_msgs[0]);
+	check_added_monitors(&nodes[1], 1);
+	expect_channel_pending_event(&nodes[1], &node_a_id);
+	let funding_signed_msg =
+		get_event_msg!(nodes[1], MessageSendEvent::SendFundingSigned, node_a_id);
+	nodes[0].node.handle_funding_signed(node_b_id, &funding_signed_msg);
+	check_added_monitors(&nodes[0], 1);
+
+	nodes[2].node.handle_funding_created(node_a_id, &funding_created_msgs[1]);
+	check_added_monitors(&nodes[2], 1);
+	expect_channel_pending_event(&nodes[2], &node_a_id);
+	let funding_signed_msg =
+		get_event_msg!(nodes[2], MessageSendEvent::SendFundingSigned, node_a_id);
+	nodes[0].node.handle_funding_signed(node_c_id, &funding_signed_msg);
+	check_added_monitors(&nodes[0], 1);
+
+	// The batch funding transaction has been broadcast once now that both channels' monitors
+	// completed.
+	let _ = nodes[0].node.get_and_clear_pending_events();
+	let initial = nodes[0].tx_broadcaster.txn_broadcast();
+	assert_eq!(initial.len(), 1);
+	assert_eq!(initial[0], tx);
+
+	// The channel IDs are derived from the outpoints in the funding tx. There's one outpoint
+	// per channel; their indices come from the funding script order the batch path uses.
+	let channel_id_b =
+		ChannelId::v1_from_funding_outpoint(OutPoint { txid: tx.compute_txid(), index: 0 });
+	let channel_id_c =
+		ChannelId::v1_from_funding_outpoint(OutPoint { txid: tx.compute_txid(), index: 1 });
+
+	// A timer tick rebroadcasts the batch funding transaction exactly once, and the merged
+	// `channels` list contains both funded channels.
+	nodes[0].node.timer_tick_occurred();
+	let rebroadcast = nodes[0].tx_broadcaster.txn_broadcast_with_types();
+	assert_eq!(rebroadcast.len(), 1);
+	assert_eq!(rebroadcast[0].0, tx);
+	match &rebroadcast[0].1 {
+		TransactionType::Funding { channels } => {
+			assert_eq!(channels.len(), 2);
+			assert!(channels.contains(&(node_b_id, channel_id_b)));
+			assert!(channels.contains(&(node_c_id, channel_id_c)));
+		},
+		other => panic!("Expected Funding, got {:?}", other),
+	}
+
+	// Confirm the funding transaction and verify no more rebroadcasts occur.
+	mine_transaction(&nodes[0], &tx);
+	nodes[0].tx_broadcaster.clear();
+	nodes[0].node.timer_tick_occurred();
+	assert!(nodes[0].tx_broadcaster.txn_broadcast().is_empty());
+}
+
 #[xtest(feature = "_externalize_tests")]
 pub fn test_funding_and_commitment_tx_confirm_same_block() {
 	// Tests that a node will forget the channel (when it only requires 1 confirmation) if the

lightning/src/ln/channelmanager.rs

@@ -8716,6 +8716,7 @@ impl<
 			let mut timed_out_mpp_htlcs = Vec::new();
 			let mut pending_peers_awaiting_removal = Vec::new();
 			let mut feerate_cache = new_hash_map();
+			let mut rebroadcasts: HashMap<Txid, (Transaction, TransactionType)> = new_hash_map();
 
 			{
 				let per_peer_state = self.per_peer_state.read().unwrap();
@@ -8800,6 +8801,27 @@ impl<
 									}
 								}
 
+								if let Some((tx, tx_type)) = funded_chan.unconfirmed_funding_broadcast() {
+									let txid = tx.compute_txid();
+									match rebroadcasts.entry(txid) {
+										hash_map::Entry::Vacant(e) => {
+											e.insert((tx, tx_type));
+										},
+										hash_map::Entry::Occupied(mut e) => {
+											// Merge batch-funded channel lists so all
+											// participants appear once.
+											if let (
+												TransactionType::Funding { channels: existing },
+												TransactionType::Funding { channels: new_channels },
+											) = (&mut e.get_mut().1, tx_type)
+											{
+												debug_assert_eq!(new_channels.len(), 1);
+												existing.extend(new_channels);
+											}
+										},
+									}
+								}
+
 								true
 							},
 							None => {
@@ -8863,6 +8885,23 @@ impl<
 				}
 			}
 
+			// Rebroadcast any unconfirmed funding/splice transactions outside the `per_peer_state`
+			// lock. The mempool/broadcaster is expected to be idempotent, so re-sending an already
+			// known transaction is harmless.
+			for (_txid, (tx, tx_type)) in rebroadcasts {
+				log_debug!(
+					self.logger,
+					"Rebroadcasting {} transaction {}",
+					match &tx_type {
+						TransactionType::Funding { .. } => "funding",
+						TransactionType::Splice { .. } => "splice",
+						_ => "unknown",
+					},
+					tx.compute_txid(),
+				);
+				self.tx_broadcaster.broadcast_transactions(&[(&tx, tx_type)]);
+			}
+
 			// When a peer disconnects but still has channels, the peer's `peer_state` entry in the
 			// `per_peer_state` is not removed by the `peer_disconnected` function. If the channels
 			// of to that peer is later closed while still being disconnected (i.e. force closed),