Merge pull request #9752 from erickcestari/reject-payment-without-invoice

routerrpc: reject payment to invoice that don't have payment secret or blinded paths

Author: ellemouton

docs/release-notes/release-notes-0.20.0.md

@@ -130,6 +130,9 @@ circuit. The indices are only available for forwarding events saved after v0.20.
   `channel_update` message and handle it explicitly throughout the code base 
   instead of extracting it from the TLV stream at various call-sites.
 
+* [Require invoices to include a payment address or blinded paths](https://github.com/lightningnetwork/lnd/pull/9752) 
+  to comply with updated BOLT 11 specifications before sending payments.
+
 ## Testing
 
 * Previously, automatic peer bootstrapping was disabled for simnet, signet and
@@ -152,6 +155,7 @@ circuit. The indices are only available for forwarding events saved after v0.20.
 * Abdulkbk
 * Boris Nagaev
 * Elle Mouton
+* Erick Cestari
 * Funyug
 * Mohamed Awnallah
 * Pins

lnrpc/routerrpc/router_backend.go

@@ -15,6 +15,7 @@ import (
 	"github.com/btcsuite/btcd/wire"
 	sphinx "github.com/lightningnetwork/lightning-onion"
 	"github.com/lightningnetwork/lnd/channeldb"
+	"github.com/lightningnetwork/lnd/clock"
 	"github.com/lightningnetwork/lnd/feature"
 	"github.com/lightningnetwork/lnd/fn/v2"
 	"github.com/lightningnetwork/lnd/htlcswitch"
@@ -118,6 +119,10 @@ type RouterBackend struct {
 	// ShouldSetExpEndorsement returns a boolean indicating whether the
 	// experimental endorsement bit should be set.
 	ShouldSetExpEndorsement func() bool
+
+	// Clock is the clock used to validate payment requests expiry.
+	// It is useful for testing.
+	Clock clock.Clock
 }
 
 // MissionControl defines the mission control dependencies of routerrpc.
@@ -980,11 +985,20 @@ func (r *RouterBackend) extractIntentFromSendRequest(
 		}
 
 		// Next, we'll ensure that this payreq hasn't already expired.
-		err = ValidatePayReqExpiry(payReq)
+		err = ValidatePayReqExpiry(r.Clock, payReq)
 		if err != nil {
 			return nil, err
 		}
 
+		// An invoice must include either a payment address or
+		// blinded paths.
+		if payReq.PaymentAddr.IsNone() &&
+			len(payReq.BlindedPaymentPaths) == 0 {
+
+			return nil, errors.New("payment request must contain " +
+				"either a payment address or blinded paths")
+		}
+
 		// If the amount was not included in the invoice, then we let
 		// the payer specify the amount of satoshis they wish to send.
 		// We override the amount to pay with the amount provided from
@@ -1001,7 +1015,7 @@ func (r *RouterBackend) extractIntentFromSendRequest(
 			if reqAmt != 0 {
 				return nil, errors.New("amount must not be " +
 					"specified when paying a non-zero " +
-					" amount invoice")
+					"amount invoice")
 			}
 
 			payIntent.Amount = *payReq.MilliSat
@@ -1370,10 +1384,10 @@ func UnmarshalFeatures(
 
 // ValidatePayReqExpiry checks if the passed payment request has expired. In
 // the case it has expired, an error will be returned.
-func ValidatePayReqExpiry(payReq *zpay32.Invoice) error {
+func ValidatePayReqExpiry(clock clock.Clock, payReq *zpay32.Invoice) error {
 	expiry := payReq.Expiry()
 	validUntil := payReq.Timestamp.Add(expiry)
-	if time.Now().After(validUntil) {
+	if clock.Now().After(validUntil) {
 		return fmt.Errorf("invoice expired. Valid until %v", validUntil)
 	}
 

lnrpc/routerrpc/router_backend_test.go

@@ -5,9 +5,11 @@ import (
 	"context"
 	"encoding/hex"
 	"testing"
+	"time"
 
 	"github.com/btcsuite/btcd/btcutil"
 	"github.com/btcsuite/btcd/chaincfg"
+	"github.com/lightningnetwork/lnd/lnmock"
 	"github.com/lightningnetwork/lnd/lnrpc"
 	"github.com/lightningnetwork/lnd/lnwire"
 	"github.com/lightningnetwork/lnd/record"
@@ -503,12 +505,22 @@ func TestExtractIntentFromSendRequest(t *testing.T) {
 		"g6aykds4ydvf2x9lpngqcfux3hv8qlraan9v3s9296r5w5eh959yzadgh5ck" +
 		"gjydgyfxdpumxtuk3p3caugmlqpz5necs"
 
+	const paymentReqMissingAddr = "lnbcrt100p1p70xwfzpp5qqqsyqcyq5rqwzqfq" +
+		"qqsyqcyq5rqwzqfqqqsyqcyq5rqwzqfqypqdpl2pkx2ctnv5sxxmmwwd5kge" +
+		"tjypeh2ursdae8g6twvus8g6rfwvs8qun0dfjkxaqnp4q0n326hr8v9zprg8" +
+		"gsvezcch06gfaqqhde2aj730yg0durunfhv669qypqqqz3uu8wnr7883qzxr" +
+		"566nuhled49fx6e6q0jn06w6gpgyznwzxwf8xdmye87kpx0y8lqtcgwywsau" +
+		"0jkm66evelkw7cggwlegp4anv3cq62wusm"
+
 	destNodeBytes, err := hex.DecodeString(destKey)
 	require.NoError(t, err)
 
 	target, err := route.NewVertexFromBytes(destNodeBytes)
 	require.NoError(t, err)
 
+	mockClock := &lnmock.MockClock{}
+	mockClock.On("Now").Return(time.Date(2025, 3, 1, 13, 0, 0, 0, time.UTC))
+
 	testCases := []extractIntentTestCase{
 		{
 			name:    "Time preference out of range",
@@ -706,6 +718,7 @@ func TestExtractIntentFromSendRequest(t *testing.T) {
 					return false
 				},
 				ActiveNetParams: &chaincfg.RegressionNetParams,
+				Clock:           mockClock,
 			},
 			sendReq: &SendPaymentRequest{
 				Amt:            int64(paymentAmount),
@@ -714,6 +727,23 @@ func TestExtractIntentFromSendRequest(t *testing.T) {
 			valid:            false,
 			expectedErrorMsg: "invoice expired.",
 		},
+		{
+			name: "Invoice missing payment address",
+			backend: &RouterBackend{
+				ShouldSetExpEndorsement: func() bool {
+					return false
+				},
+				ActiveNetParams:  &chaincfg.RegressionNetParams,
+				MaxTotalTimelock: 1000,
+				Clock:            mockClock,
+			},
+			sendReq: &SendPaymentRequest{
+				PaymentRequest: paymentReqMissingAddr,
+			},
+			valid: false,
+			expectedErrorMsg: "payment request must contain " +
+				"either a payment address or blinded paths",
+		},
 		{
 			name: "Invalid dest vertex length",
 			backend: &RouterBackend{

rpcserver.go

@@ -697,6 +697,7 @@ func (r *rpcServer) addDeps(ctx context.Context, s *server,
 
 	routerBackend := &routerrpc.RouterBackend{
 		SelfNode: selfNode.PubKeyBytes,
+		Clock:    clock.NewDefaultClock(),
 		FetchChannelCapacity: func(chanID uint64) (btcutil.Amount,
 			error) {
 
@@ -5616,7 +5617,9 @@ func (r *rpcServer) extractPaymentIntent(rpcPayReq *rpcPaymentRequest) (rpcPayme
 		}
 
 		// Next, we'll ensure that this payreq hasn't already expired.
-		err = routerrpc.ValidatePayReqExpiry(payReq)
+		err = routerrpc.ValidatePayReqExpiry(
+			r.routerBackend.Clock, payReq,
+		)
 		if err != nil {
 			return payIntent, err
 		}