Validate amount_msats against invreq amount
#3535
Conversation
| @@ -1539,6 +1544,13 @@ impl TryFrom<PartialInvoiceTlvStream> for InvoiceContents { | |||
| experimental_offer_tlv_stream, experimental_invoice_request_tlv_stream, | |||
| ) | |||
| )?; | |||
|
|
|||
| if let Some(requested_amount_msats) = invoice_request.amount_msats() { | |||
There was a problem hiding this comment.
Should we check this against the offer's set amount as well?
There was a problem hiding this comment.
Yeah, fixed this and added tests as discussed offline. Now InvoiceRequest::amount_msats will infer the amount from the Offer::amount and InvoiceRequest::quantity, is possible. Added a new InvoiceRequest::has_amount_msats method as otherwise we can't determine whether the amount was explicitly set.
jkczyz
force-pushed
the
2025-01-invoice-amount
branch
from
bdf5dcb to
2ad61a0
Compare
jkczyz
changed the title
amount_msats against invoice and refund amountsamount_msats against invreq amount
|
LGTM, feel free to squash. |
|
CI is sad, I think it looks related to the PR |
Ah, right. I guess I need to rebase on |
Add a check to ensure that the amount_msats in an invoice matches the amount_msats specified in the invoice_request or offer (or refund). Reject the invoice as invalid if there is a mismatch between these amounts. Otherwise, an invoice may be paid with an amount greater than the requested amount. Co-authored-by: Ian Slane <[email protected]> Co-authored-by: Jeffrey Czyz <[email protected]>
When InvoiceRequest::amount_msats returns Some, it may have been inferred from the Offer::amount and InvoiceRequest::quantity. Add a method to InvoiceRequest for determining if the amount was explicitly set.
jkczyz
force-pushed
the
2025-01-invoice-amount
branch
from
2ad61a0 to
c2360be
Compare
|
Backported in #3536. |
| @@ -87,6 +87,14 @@ macro_rules! invoice_builder_methods_test { ( | |||
| $self: ident, $self_type: ty, $invoice_fields: expr, $return_type: ty, $return_value: expr | |||
| $(, $self_mut: tt)? | |||
| ) => { | |||
| #[cfg_attr(c_bindings, allow(dead_code))] | |||
| pub(crate) fn amount_msats_unchecked( | |||
There was a problem hiding this comment.
Ah, just realized this breaks CI because it doesn't work for --cfg=async_payments unfortunately. Happy to look into a fix if that helps
Add a check to ensure that the
amount_msatsin an invoice matches theamount_msatsspecified in theinvoice_requestoroffer(orrefund). Reject the invoice as invalid if there is a mismatch between these amounts. Otherwise, an invoice may be paid with an amount greater than the requested amount.