8f6d3d87bb
And add a check for new uses creeping in, since it got cut & paste
everywhere.
This means "this is a valid string, but truncate it to this many characters"
vs "%.*s" which means "only read this many characters of string":
```
['lightningd-3 2025-10-23T02:31:40.890Z **BROKEN** plugin-funder: Plugin marked as important, shutting down lightningd!']
--------------------------- Captured stderr teardown ---------------------------
#0 0x557da58ad1dc in printf_common(void*, char const*, __va_list_tag*) asan_interceptors.cpp.o
#1 0x557da5aff814 in json_out_addv /home/runner/work/lightning/lightning/ccan/ccan/json_out/json_out.c:239:11
#2 0x557da59740ce in plugin_logv /home/runner/work/lightning/lightning/plugins/libplugin.c:1777:2
#3 0x557da5969b6f in plugin_log /home/runner/work/lightning/lightning/plugins/libplugin.c:1934:2
#4 0x557da595c4f6 in datastore_del_success /home/runner/work/lightning/lightning/plugins/funder.c:161:2
#5 0x557da598b837 in handle_rpc_reply /home/runner/work/lightning/lightning/plugins/libplugin.c:1072:10
#6 0x557da598a4b0 in rpc_conn_read_response /home/runner/work/lightning/lightning/plugins/libplugin.c:1361:3
#7 0x557da5adbea5 in next_plan /home/runner/work/lightning/lightning/ccan/ccan/io/io.c:60:9
#8 0x557da5ae06ff in do_plan /home/runner/work/lightning/lightning/ccan/ccan/io/io.c:422:8
#9 0x557da5adfb58 in io_ready /home/runner/work/lightning/lightning/ccan/ccan/io/io.c:439:10
#10 0x557da5aec2ce in io_loop /home/runner/work/lightning/lightning/ccan/ccan/io/poll.c:455:5
#11 0x557da59757ac in plugin_main /home/runner/work/lightning/lightning/plugins/libplugin.c:2409:3
#12 0x557da594fe23 in main /home/runner/work/lightning/lightning/plugins/funder.c:1723:2
#13 0x7f6572229d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#14 0x7f6572229e3f in __libc_start_main csu/../csu/libc-start.c:392:3
#15 0x557da588b584 in _start (/home/runner/work/lightning/lightning/plugins/funder+0x10d584) (BuildId: 71ba63ab577fc6fa60573d3e8555f6db7d5c584d)
0x624000009d28 is located 0 bytes to the right of 7208-byte region [0x624000008100,0x624000009d28)
allocated by thread T0 here:
#0 0x557da590e7f6 in __interceptor_realloc (/home/runner/work/lightning/lightning/plugins/funder+0x1907f6) (BuildId: 71ba63ab577fc6fa60573d3e8555f6db7d5c584d)
#1 0x557da5b2149b in tal_resize_ /home/runner/work/lightning/lightning/ccan/ccan/tal/tal.c:755:13
#2 0x557da59f2032 in membuf_tal_resize /home/runner/work/lightning/lightning/common/utils.c:203:2
#3 0x557da5b03934 in membuf_prepare_space_ /home/runner/work/lightning/lightning/ccan/ccan/membuf/membuf.c:45:12
#4 0x557da59d4289 in jsonrpc_io_read_ /home/runner/work/lightning/lightning/common/jsonrpc_io.c:127:2
#5 0x557da598a635 in rpc_conn_read_response /home/runner/work/lightning/lightning/plugins/libplugin.c:1366:9
#6 0x557da5adbea5 in next_plan /home/runner/work/lightning/lightning/ccan/ccan/io/io.c:60:9
#7 0x557da5ae06ff in do_plan /home/runner/work/lightning/lightning/ccan/ccan/io/io.c:422:8
#8 0x557da5adfb58 in io_ready /home/runner/work/lightning/lightning/ccan/ccan/io/io.c:439:10
#9 0x557da5aec2ce in io_loop /home/runner/work/lightning/lightning/ccan/ccan/io/poll.c:455:5
#10 0x557da59757ac in plugin_main /home/runner/work/lightning/lightning/plugins/libplugin.c:2409:3
#11 0x557da594fe23 in main /home/runner/work/lightning/lightning/plugins/funder.c:1723:2
#12 0x7f6572229d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
SUMMARY: AddressSanitizer: heap-buffer-overflow asan_interceptors.cpp.o in printf_common(void*, char const*, __va_list_tag*)
Shadow bytes around the buggy address:
0x0c487fff9350: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c487fff9360: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c487fff9370: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c487fff9380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c487fff9390: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c487fff93a0: 00 00 00 00 00[fa]fa fa fa fa fa fa fa fa fa fa
0x0c487fff93b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c487fff93c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c487fff93d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c487fff93e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c487fff93f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==26122==ABORTING
```
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Core Lightning (CLN): A specification compliant Lightning Network implementation in C
Core Lightning (previously c-lightning) is a lightweight, highly customizable and standard compliant implementation of the Lightning Network protocol.
Project Status
This implementation has been in production use on the Bitcoin mainnet since early 2018, with the launch of the Blockstream Store.
We recommend getting started by experimenting on testnet (testnet4 or regtest), but the implementation is considered stable and can be safely used on mainnet.
Reach Out to Us
Any help testing the implementation, reporting bugs, or helping with outstanding issues is very welcome. Don't hesitate to reach out to us on the implementation-specific mailing list, or on CLN Discord, or on CLN Telegram, or on IRC at dev/gen channel.
Getting Started
Core Lightning only works on Linux and macOS, and requires a locally (or remotely) running bitcoind (version 25.0 or above) that is fully caught up with the network you're running on, and relays transactions (ie with blocksonly=0).
Pruning (prune=n option in bitcoin.conf) is partially supported, see here for more details.
Installation
There are 3 supported installation options:
- Installation of a pre-compiled binary from the release page on GitHub.
- Using one of the provided docker images on the Docker Hub.
- Compiling the source code yourself as described in the installation documentation.
Starting lightningd
Regtest (local, fast-start) Option
If you want to experiment with lightningd, there's a script to set
up a bitcoind regtest test network of two local lightning nodes,
which provides a convenient start_ln helper. See the notes at the top
of the startup_regtest.sh file for details on how to use it.
. contrib/startup_regtest.sh
Mainnet Option
To test with real bitcoin, you will need to have a local bitcoind node running:
bitcoind -daemon
Wait until bitcoind has synchronized with the network.
Make sure that you do not have walletbroadcast=0 in your ~/.bitcoin/bitcoin.conf, or you may run into trouble.
Notice that running lightningd against a pruned node may cause some issues if not managed carefully, see below for more information.
You can start lightningd with the following command:
lightningd --network=bitcoin --log-level=debug
This creates a .lightning/ subdirectory in your home directory: see man -l doc/lightningd.8 (or https://docs.corelightning.org/docs) for more runtime options.
Using The JSON-RPC Interface
Core Lightning exposes a JSON-RPC 2.0 interface over a Unix Domain socket; the lightning-cli tool can be used to access it, or there is a python client library.
You can use lightning-cli help to print a table of RPC methods; lightning-cli help <command>
will offer specific information on that command.
Useful commands:
- newaddr: get a bitcoin address to deposit funds into your lightning node.
- listfunds: see where your funds are.
- connect: connect to another lightning node.
- fundchannel: create a channel to another connected node.
- invoice: create an invoice to get paid by another node.
- pay: pay someone else's invoice.
- plugin: commands to control extensions.
Care And Feeding Of Your New Lightning Node
Once you've started for the first time, there's a script called
contrib/bootstrap-node.sh which will connect you to other nodes on
the lightning network.
There are also numerous plugins available for Core Lightning which add capabilities: in particular there's a collection at: https://github.com/lightningd/plugins
For a less reckless experience, you can encrypt the HD wallet seed: see HD wallet encryption.
You can also chat to other users at Discord core-lightning; we are always happy to help you get started!
Opening A Channel
First you need to transfer some funds to lightningd so that it can
open a channel:
# Returns an address <address>
lightning-cli newaddr
lightningd will register the funds once the transaction is confirmed.
Alternatively you can generate a taproot address should your source of funds support it:
# Return a taproot address
lightning-cli newaddr p2tr
Confirm lightningd got funds by:
# Returns an array of on-chain funds.
lightning-cli listfunds
Once lightningd has funds, we can connect to a node and open a channel.
Let's assume the remote node is accepting connections at <ip>
(and optional <port>, if not 9735) and has the node ID <node_id>:
lightning-cli connect <node_id> <ip> [<port>]
lightning-cli fundchannel <node_id> <amount_in_satoshis>
This opens a connection and, on top of that connection, then opens a channel.
The funding transaction needs 3 confirmation in order for the channel to be usable, and 6 to be announced for others to use.
You can check the status of the channel using lightning-cli listpeers, which after 3 confirmations (1 on testnet) should say that state is CHANNELD_NORMAL; after 6 confirmations you can use lightning-cli listchannels to verify that the public field is now true.
Sending and Receiving Payments
Payments in Lightning are invoice based.
The recipient creates an invoice with the expected <amount> in
millisatoshi (or "any" for a donation), a unique <label> and a
<description> the payer will see:
lightning-cli invoice <amount> <label> <description>
This returns some internal details, and a standard invoice string called bolt11 (named after the BOLT #11 lightning spec).
The sender can feed this bolt11 string to the decodepay command to see what it is, and pay it simply using the pay command:
lightning-cli pay <bolt11>
Note that there are lower-level interfaces (and more options to these interfaces) for more sophisticated use.
Configuration File
lightningd can be configured either by passing options via the command line, or via a configuration file.
Command line options will always override the values in the configuration file.
To use a configuration file, create a file named config within your top-level lightning directory or network subdirectory
(eg. ~/.lightning/config or ~/.lightning/bitcoin/config). See man -l doc/lightningd-config.5.
A sample configuration file is available at contrib/config-example.
Further information
Pruning
Core Lightning requires JSON-RPC access to a fully synchronized bitcoind in order to synchronize with the Bitcoin network.
Access to ZeroMQ is not required and bitcoind does not need to be run with txindex like other implementations.
The lightning daemon will poll bitcoind for new blocks that it hasn't processed yet, thus synchronizing itself with bitcoind.
If bitcoind prunes a block that Core Lightning has not processed yet, e.g., Core Lightning was not running for a prolonged period, then bitcoind will not be able to serve the missing blocks, hence Core Lightning will not be able to synchronize anymore and will be stuck.
In order to avoid this situation you should be monitoring the gap between Core Lightning's blockheight using lightning-cli getinfo and bitcoind's blockheight using bitcoin-cli getblockchaininfo.
If the two blockheights drift apart it might be necessary to intervene.
HD wallet encryption
You can encrypt the hsm_secret content (which is used to derive the HD wallet's master key) by passing the --encrypted-hsm startup argument, or by using the hsmtool (which you can find in the tool/ directory at the root of this repo) with the encrypt method. You can unencrypt an encrypted hsm_secret using the hsmtool with the decrypt method.
If you encrypt your hsm_secret, you will have to pass the --encrypted-hsm startup option to lightningd. Once your hsm_secret is encrypted, you will not be able to access your funds without your password, so please beware with your password management. Also, beware of not feeling too safe with an encrypted hsm_secret: unlike for bitcoind where the wallet encryption can restrict the usage of some RPC command, lightningd always needs to access keys from the wallet which is thus not locked (yet), even with an encrypted BIP32 master seed.
Developers
Developers wishing to contribute should start with the developer guide here.