Use realistic relay defaults for DummyTlvs

Replace zeroed dummy-hop relay parameters with non-trivial default
fee, CLTV, and HTLC minimum values, and propagate these defaults into
blinded payinfo construction and routing tests.

Dummy hops only preserve their privacy value if they behave like
plausible forwarding hops. Realistic defaults ensure hidden hops affect
fees and CLTV like real relays, instead of standing out as zero-cost
padding.

Author: shaavan

lightning/src/blinded_path/payment.rs

@@ -392,15 +392,57 @@ pub struct DummyTlvs {
 	pub payment_constraints: PaymentConstraints,
 }
 
-impl Default for DummyTlvs {
-	fn default() -> Self {
-		let payment_relay =
-			PaymentRelay { cltv_expiry_delta: 0, fee_proportional_millionths: 0, fee_base_msat: 0 };
+// Default parameters used for dummy hops in blinded paths.
+//
+// These values are chosen to resemble typical forwarding hops while remaining
+// stable and predictable for tests.
 
-		let payment_constraints =
-			PaymentConstraints { max_cltv_expiry: u32::MAX, htlc_minimum_msat: 0 };
+/// Adds a realistic but stable CLTV cost per dummy hop.
+///
+/// The router folds this into the blinded path's advertised CLTV delta, so it must
+/// be non-trivial enough to model hidden relay latency while remaining predictable
+/// for tests and callers reasoning about timeout budgets.
+pub(crate) const DEFAULT_DUMMY_HOP_CLTV_EXPIRY_DELTA: u16 = 80;
 
-		Self { payment_relay, payment_constraints }
+/// Keeps dummy-hop fee aggregation linear and deterministic.
+///
+/// A non-zero proportional fee would compound across dummy hops and introduce rounding
+/// effects into blinded payinfo. The base fee still makes dummy hops look like plausible relays.
+pub(crate) const DEFAULT_DUMMY_HOP_FEE_PROPORTIONAL_MILLIONTHS: u32 = 0;
+
+/// Matches the default relay base fee used by the standard test channel configuration.
+///
+/// This keeps dummy hops aligned with typical forwarding hops in tests rather than
+/// making them appear unrealistically cheap or expensive.
+pub(crate) const DEFAULT_DUMMY_HOP_FEE_BASE_MSAT: u32 = 1000;
+
+/// Leaves the dummy hop's absolute CLTV ceiling effectively unbounded by default.
+///
+/// `PaymentConstraints::max_cltv_expiry` is interpreted as an absolute block height, so using a
+/// fixed low value here would cause dummy hops to reject otherwise-valid payments on live chains.
+pub(crate) const DEFAULT_DUMMY_HOP_MAX_CLTV_EXPIRY: u32 = u32::MAX;
+
+/// Matches the default test channel HTLC minimum.
+///
+/// The router takes the max of the introduction node's inbound HTLC minimum and this value,
+/// so keeping them aligned prevents dummy hops from unexpectedly tightening or loosening
+/// admission.
+pub(crate) const DEFAULT_DUMMY_HOP_HTLC_MINIMUM_MSAT: u64 = 1000;
+
+impl Default for DummyTlvs {
+	/// Returns the documented default relay requirements and constraints for synthetic hops.
+	fn default() -> Self {
+		Self {
+			payment_relay: PaymentRelay {
+				cltv_expiry_delta: DEFAULT_DUMMY_HOP_CLTV_EXPIRY_DELTA,
+				fee_proportional_millionths: DEFAULT_DUMMY_HOP_FEE_PROPORTIONAL_MILLIONTHS,
+				fee_base_msat: DEFAULT_DUMMY_HOP_FEE_BASE_MSAT,
+			},
+			payment_constraints: PaymentConstraints {
+				max_cltv_expiry: DEFAULT_DUMMY_HOP_MAX_CLTV_EXPIRY,
+				htlc_minimum_msat: DEFAULT_DUMMY_HOP_HTLC_MINIMUM_MSAT,
+			},
+		}
 	}
 }
 

lightning/src/ln/async_payments_tests.rs

@@ -11,7 +11,9 @@ use crate::blinded_path::message::{
 	BlindedMessagePath, MessageContext, NextMessageHop, OffersContext,
 };
 use crate::blinded_path::payment::{AsyncBolt12OfferContext, BlindedPaymentTlvs};
-use crate::blinded_path::payment::{DummyTlvs, PaymentContext};
+use crate::blinded_path::payment::{
+	DummyTlvs, PaymentContext, DEFAULT_DUMMY_HOP_CLTV_EXPIRY_DELTA,
+};
 use crate::chain::channelmonitor::{HTLC_FAIL_BACK_BUFFER, LATENCY_GRACE_PERIOD_BLOCKS};
 use crate::events::{
 	Event, EventsProvider, HTLCHandlingFailureReason, HTLCHandlingFailureType, PaidBolt12Invoice,
@@ -3034,11 +3036,16 @@ fn held_htlc_timeout() {
 	// Extract the release_htlc_om, but don't deliver it to the sender's LSP.
 	let _ = extract_release_htlc_oms(recipient, &[sender, sender_lsp, invoice_server]);
 
+	// Dummy hops add to the blinded path's total advertised CLTV delta.
+	let additional_cltv_expiry =
+		DEFAULT_PAYMENT_DUMMY_HOPS as u32 * DEFAULT_DUMMY_HOP_CLTV_EXPIRY_DELTA as u32;
+
 	// Connect blocks to the sender's LSP until they timeout the HTLC.
 	connect_blocks(
 		sender_lsp,
 		MIN_CLTV_EXPIRY_DELTA as u32
 			+ TEST_FINAL_CLTV
+			+ additional_cltv_expiry
 			+ HTLC_FAIL_BACK_BUFFER
 			+ LATENCY_GRACE_PERIOD_BLOCKS,
 	);

lightning/src/routing/router.rs

@@ -150,6 +150,7 @@ where
 		let network_graph = self.network_graph.deref().read_only();
 		let is_recipient_announced =
 			network_graph.nodes().contains_key(&NodeId::from_pubkey(&recipient));
+		let dummy_tlvs = DummyTlvs::default();
 
 		let paths = first_hops.into_iter()
 			.filter(|details| details.counterparty.features.supports_route_blinding())
@@ -176,12 +177,17 @@ where
 					None => return None,
 				};
 
-				let cltv_expiry_delta = payment_relay.cltv_expiry_delta as u32;
+				let cltv_expiry_delta = payment_relay.cltv_expiry_delta as u32
+					+ dummy_tlvs.payment_relay.cltv_expiry_delta as u32 * DEFAULT_PAYMENT_DUMMY_HOPS as u32;
+				let htlc_minimum_msat = cmp::max(
+					details.inbound_htlc_minimum_msat.unwrap_or(0),
+					dummy_tlvs.payment_constraints.htlc_minimum_msat,
+				);
 				let payment_constraints = PaymentConstraints {
 					max_cltv_expiry: tlvs.payment_constraints
 						.max_cltv_expiry
 						.saturating_add(cltv_expiry_delta),
-					htlc_minimum_msat: details.inbound_htlc_minimum_msat.unwrap_or(0),
+					htlc_minimum_msat,
 				};
 				Some(PaymentForwardNode {
 					tlvs: ForwardTlvs {
@@ -197,7 +203,7 @@ where
 			})
 			.map(|forward_node| {
 				BlindedPaymentPath::new_with_dummy_hops(
-					&[forward_node], recipient, &[DummyTlvs::default(); DEFAULT_PAYMENT_DUMMY_HOPS],
+					&[forward_node], recipient, &[dummy_tlvs; DEFAULT_PAYMENT_DUMMY_HOPS],
 					local_node_receive_key, tlvs.clone(), u64::MAX, MIN_FINAL_CLTV_EXPIRY_DELTA, &self.entropy_source, secp_ctx
 				)
 			})
@@ -209,7 +215,7 @@ where
 			_ => {
 				if network_graph.nodes().contains_key(&NodeId::from_pubkey(&recipient)) {
 					BlindedPaymentPath::new_with_dummy_hops(
-						&[], recipient, &[DummyTlvs::default(); DEFAULT_PAYMENT_DUMMY_HOPS],
+						&[], recipient, &[dummy_tlvs; DEFAULT_PAYMENT_DUMMY_HOPS],
 						local_node_receive_key, tlvs, u64::MAX, MIN_FINAL_CLTV_EXPIRY_DELTA, &self.entropy_source, secp_ctx
 					).map(|path| vec![path])
 				} else {