Loop-in via loop-cli resulted in an RPC error, stating that the defined macaroon has expired.

[TrezorHannes]

Trying a loop-in via loop-cli resulted in an RPC error, stating that given macaroon has expired.

litloop in --amt 10000000 --last_hop "021c97a90a411ff2b10dc2a8e32de2f29d2fa49d41bfbb52bd416e460db0747d0d" - L-conf_target 12 --label LOOP-loop_in
Send on-chain:                           10000000 sat
Receive off-chain:                        9989890 sat
Estimated total fee:                        10110 sat

CONTINUE SWAP? (y/n): y
[loop] rpc error: code = Unknown desc = proxy error with context loop: invalid macaroon: caveat "time-before 2023-09-16T19:16:04.735190797Z" not satisfied: macaroon has expired

Reviewing the macaroon documentation on LND, and printing lncli printmacaroon --macaroon_file /path/to/macaroon didn't outline whether macaroons really expire, and if so, how to look those up and what would be require to renew / extent the expiration time.

What actually helped was restarting the litd.service. Even though the macaroon timestamp didn't change, the swap in actually proceeded successfully

admin@debian-nuc ~ ฿ sudo systemctl status litd.service 
[sudo] password for admin: 
* litd.service - Lightning Terminal Daemon
     Loaded: loaded (/etc/systemd/system/litd.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2023-09-15 15:47:42 CEST; 1 day 5h ago
   Main PID: 66784 (litd)
      Tasks: 14 (limit: 18699)
     Memory: 45.3M
        CPU: 14min 41.889s
     CGroup: /system.slice/litd.service
             `-66784 /usr/local/bin/litd

admin@debian-nuc ~ ฿ sudo systemctl restart litd.service 
P-loop_inian-nuc ~ ฿ litloop in --amt 10000000 --last_hop "021c97a90a411ff2b10dc2a8e32de2f29d2fa49d41bfbb52bd416e460db0747d0d" --conf_target 12 --label LOOP
Send on-chain:                           10000000 sat
Receive off-chain:                        9989890 sat
Estimated total fee:                        10110 sat

CONTINUE SWAP? (y/n): y
Swap initiated

Now with litd system-service restarted, I'm not sure whether I can replicate it. But perhaps lit's loop-cli is using a cached version of the macaroon, which expires at some point? Perhaps some insights from you could help either document it, or we found a bug eventually

Standalone binaries downloaded from GH.

alias litfaraday='frcli --rpcserver=localhost:8443 --tlscertpath=~/.lit/tls.cert'
alias litloop='loop --rpcserver=localhost:8443 --tlscertpath=~/.lit/tls.cert'
alias litpool='pool --rpcserver=localhost:8443 --tlscertpath=~/.lit/tls.cert'

litloop --version
loop version 0.22.0-beta commit=v0.22.0-beta

NUC 11th Gen Intel(R) Core(TM) i5-1135G7 @ 2.40GHz Linux debian-nuc 5.10.0-23-amd64 #1 SMP Debian 5.10.179-1 (2023-05-12) x86_64 GNU/Linux

PRETTY_NAME="Debian GNU/Linux 11 (bullseye)" NAME="Debian GNU/Linux" VERSION_ID="11" VERSION="11 (bullseye)" VERSION_CODENAME=bullseye

That's the only piece I found in litd.log which is relevant to the issue, but nothing insightful

2023-09-16 21:15:04.736 [INF] LITD: Handling gRPC request: /looprpc.SwapClient/GetLoopInQuote
2023-09-16 21:15:04.737 [INF] LOOPD: Loop in quote request received
2023-09-16 21:16:50.750 [INF] LITD: Handling gRPC request: /looprpc.SwapClient/LoopIn
2023-09-16 21:19:51.342 [INF] RPCS: Received new block notification: height=808020
2023-09-16 21:32:47.046 [DBG] LQDY: No rules configured for autoloop
2023-09-16 21:37:51.555 [INF] SGNL: Received terminated
2023-09-16 21:37:51.555 [INF] SGNL: Shutting down...
2023-09-16 21:37:51.555 [INF] SGNL: Gracefully shutting down.

[guggero]

Thanks for the info. Can you please tell us which version of litd you are running? I think this might have been the macaroon between litd and lnd, so not really related to loop itself (judging from the error message).

[guggero]

Also, are you running litd in remote lnd mode? Or what's the setting for lnd-mode=?

[TrezorHannes]

Thanks Oliver coming back to me.

I'm running litd with remote-lnd. My lit.conf missing the lnd-mode= setting, but assuming standard would be remote.

remote.lnd.rpcserver=127.0.0.1:10009
remote.lnd.macaroonpath=~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon
remote.lnd.tlscertpath=~/.lnd/tls.cert

with rpc-middleware activated. And 🤦 of course, loop-version doesn't help here at all, haha.

litd -V
litd version 0.16.0-beta commit=lightning-terminal-v0.9.0-alpha

[guggero]

Oh, I think I might have found the issue. Is it possible that you waited more than 60 seconds between the CONTINUE SWAP? (y/n): question and actually pressing y? If that's possible, then I guess the solution would be to not create the gRPC client in the Loop CLI before asking for confirmation. Otherwise the macaroon (to which loopcli always adds a 60 second timeout after it is loaded from disk) would expire before it's actually being used.

[TrezorHannes]

Interesting scenario. I'm uncertain whether I had a minute delay between. But to validate, I'll try a > 60 second gap next time I'm looping-in or -out and will come back to you here. Mind if we leave the issue open until then?

[guggero]

Mind if we leave the issue open until then?

Sounds good, but now I'm actually pretty sure it must be this, since we don't add an expiry to any macaroon anywhere else.

By the way, you are using quite an old version of litd, I would highly recommend updating!

[TrezorHannes]

Mind if we leave the issue open until then?

Sounds good, but now I'm actually pretty sure it must be this, since we don't add an expiry to any macaroon anywhere

Will reconfirm, so we can look at how this could be mitigated.

By the way, you are using quite an old version of litd, I would highly recommend updating!

Aye 🖖

admin@debian-nuc /tmp ฿ litd --lnd.version
litd version 0.16.4-beta commit=lightning-terminal-v0.10.5-alpha

[TrezorHannes]

Can verify that this is solved with v0.10.5 onwards (have v0.12.2 running now)