Several splice negotiation failure paths are currently treated as peer-fatal errors even though the channel can remain usable. This makes local validation failures, stale RBF attempts, and certain abort races unnecessarily disruptive.
-
Invalid splice contributions
When a splice contribution is invalid, such as falling below min_funding_satoshis, violating zero-reserve balance rules, or becoming invalid after HTLC activity before quiescence, the node may emit a warning disconnect. These errors describe a bad splice attempt, not necessarily a broken channel or malicious peer.
This causes otherwise recoverable splice negotiation failures to require a peer disconnect and reconnect before the channel can continue normal operation.
-
RBF becoming unavailable
An RBF attempt can become stale while the channel is moving toward quiescence. For example, a previous splice candidate may lock in before the delayed RBF handshake finishes. The current handling can classify that condition as a disconnect-worthy protocol error.
This makes a normal timing race in splice/RBF negotiation look like a channel failure, even though the RBF attempt is the only stale state.
-
Abort before pending splice state exists
A splice can be queued behind quiescence before the channel has created active pending_splice negotiation state. If the peer aborts during that window, the channel may not have the state that the normal abort cleanup path expects.
This leaves the queued splice action and quiescence state difficult to unwind. Held updates may remain blocked because the channel is still waiting for the queued splice flow to complete or be cleaned up.
These issues make splice failure handling more severe than the underlying failure requires. They can force disconnects, strand queued splice state, or keep the channel quiescent after the splice attempt is no longer viable.
Discovered during development of #4657. AI first shot: joostjager@dcb9644
Several splice negotiation failure paths are currently treated as peer-fatal errors even though the channel can remain usable. This makes local validation failures, stale RBF attempts, and certain abort races unnecessarily disruptive.
Invalid splice contributions
When a splice contribution is invalid, such as falling below
min_funding_satoshis, violating zero-reserve balance rules, or becoming invalid after HTLC activity before quiescence, the node may emit a warning disconnect. These errors describe a bad splice attempt, not necessarily a broken channel or malicious peer.This causes otherwise recoverable splice negotiation failures to require a peer disconnect and reconnect before the channel can continue normal operation.
RBF becoming unavailable
An RBF attempt can become stale while the channel is moving toward quiescence. For example, a previous splice candidate may lock in before the delayed RBF handshake finishes. The current handling can classify that condition as a disconnect-worthy protocol error.
This makes a normal timing race in splice/RBF negotiation look like a channel failure, even though the RBF attempt is the only stale state.
Abort before pending splice state exists
A splice can be queued behind quiescence before the channel has created active
pending_splicenegotiation state. If the peer aborts during that window, the channel may not have the state that the normal abort cleanup path expects.This leaves the queued splice action and quiescence state difficult to unwind. Held updates may remain blocked because the channel is still waiting for the queued splice flow to complete or be cleaned up.
These issues make splice failure handling more severe than the underlying failure requires. They can force disconnects, strand queued splice state, or keep the channel quiescent after the splice attempt is no longer viable.
Discovered during development of #4657. AI first shot: joostjager@dcb9644