Bolt11 invoices: do not re-encode amounts (#771)

docker-lordvf6ik · pm47 · docker-lordvf6ik · commit 7b7968e201b3 · 2025-03-25T15:20:09.000+01:00
* Bolt11 invoices: do not re-encode amounts

Bolt11 amounts may not be minimally encoded (the specs says they SHOULD be but it's not a hard requirement).
We should preserve the original amount encoding: if it was not minimally encoded and we re-encode it using its
minimal representation (for example "5" instead of "5000m") then read() will fail to verify the invoice checksum and return an "invoice isn't canonically encoded" error.   
---------

Co-authored-by: Pierre-Marie Padiou &lt;pm47@users.noreply.github.com&gt;
diff --git a/modules/core/src/commonMain/kotlin/fr/acinq/lightning/payment/Bolt11Invoice.kt b/modules/core/src/commonMain/kotlin/fr/acinq/lightning/payment/Bolt11Invoice.kt
@@ -13,14 +13,22 @@ import fr.acinq.lightning.utils.*
 import fr.acinq.lightning.wire.LightningCodecs
 import kotlin.experimental.and
 
+/**
+ * @param encodedAmount We counterintuitively store the string-serialized amount instead of the numeric value. The goal is to preserve the
+ *                      validity of the signature for invoices generated by 3rd party software when the amount is not canonically encoded.
+ */
 data class Bolt11Invoice(
     val prefix: String,
-    override val amount: MilliSatoshi?,
+    val encodedAmount: String,
     val timestampSeconds: Long,
     override val nodeId: PublicKey,
     val tags: List<TaggedField>,
     val signature: ByteVector
 ) : PaymentRequest() {
+    constructor(prefix: String, amount: MilliSatoshi?, timestampSeconds: Long, nodeId: PublicKey, tags: List<TaggedField>, signature: ByteVector): this(prefix, encodeAmount(amount), timestampSeconds, nodeId, tags, signature)
+
+    override val amount: MilliSatoshi? = decodeAmount(encodedAmount)
+
     val chain: Chain? get() = prefixes.entries.firstOrNull { it.value == prefix }?.key
 
     override val paymentHash: ByteVector32 get() = tags.find { it is TaggedField.PaymentHash }!!.run { (this as TaggedField.PaymentHash).hash }
@@ -60,7 +68,7 @@ data class Bolt11Invoice(
         else -> timestampSeconds + expirySeconds <= currentTimestampSeconds
     }
 
-    private fun hrp() = prefix + encodeAmount(amount)
+    private fun hrp() = prefix + encodedAmount
 
     private fun rawData(): List<Int5> {
         val data5 = ArrayList<Int5>()
@@ -147,7 +155,7 @@ data class Bolt11Invoice(
 
             return Bolt11Invoice(
                 prefix = prefix,
-                amount = amount,
+                encodedAmount = encodeAmount(amount),
                 timestampSeconds = timestampSeconds,
                 nodeId = privateKey.publicKey(),
                 tags = tags,
@@ -165,7 +173,7 @@ data class Bolt11Invoice(
         fun read(input: String): Try<Bolt11Invoice> = runTrying {
             val (hrp, data) = Bech32.decode(input)
             val prefix = prefixes.values.find { hrp.startsWith(it) } ?: throw IllegalArgumentException("unknown prefix $hrp")
-            val amount = decodeAmount(hrp.drop(prefix.length))
+            val encodedAmount = hrp.drop(prefix.length)
             val timestamp = decodeTimestamp(data.toList())
             // signature and recovery id, encoded on 65 bytes = 5 * 13 bytes = 5 * 13 * 8 bits =  8 * 13 "5-bits integers"
             val sigandrecid = toByteArray(data.copyOfRange(data.size - 8 * 13, data.size).toList())
@@ -203,7 +211,7 @@ data class Bolt11Invoice(
             }
 
             loop(data.drop(7).dropLast(104))
-            val pr = Bolt11Invoice(prefix, amount, timestamp, nodeId, tags, sigandrecid.toByteVector())
+            val pr = Bolt11Invoice(prefix, encodedAmount, timestamp, nodeId, tags, sigandrecid.toByteVector())
             require(pr.signedPreimage().contentEquals(tohash)) { "invoice isn't canonically encoded" }
             pr
         }
diff --git a/modules/core/src/commonTest/kotlin/fr/acinq/lightning/payment/Bolt11InvoiceTestsCommon.kt b/modules/core/src/commonTest/kotlin/fr/acinq/lightning/payment/Bolt11InvoiceTestsCommon.kt
@@ -540,6 +540,16 @@ class Bolt11InvoiceTestsCommon : LightningTestSuite() {
         assertNull(pr1.description)
     }
 
+    @Test
+    fun `decode and re-encode non-canonically encoded invoice`() {
+        // invoice encoding is not canonical: 5000m should be 5
+        val encodedInvoice = createInvoiceUnsafe(5.btc.toMilliSatoshi()).copy(encodedAmount = "5000m").write()
+        assertTrue { encodedInvoice.startsWith("lnbcrt5000m") }
+        val invoice = Bolt11Invoice.read(encodedInvoice).get()
+        val reencodedInvoice = invoice.write()
+        assertEquals(encodedInvoice, reencodedInvoice)
+    }
+
     companion object {
         fun createInvoiceUnsafe(
             amount: MilliSatoshi? = null,
@@ -576,5 +586,4 @@ class Bolt11InvoiceTestsCommon : LightningTestSuite() {
             ).sign(privateKey)
         }
     }
-
 }

Original file line number	Diff line number	Diff line change
`@@ -540,6 +540,16 @@ class Bolt11InvoiceTestsCommon : LightningTestSuite() {`
`540`	`540`	`assertNull(pr1.description)`
`541`	`541`	`}`
`542`	`542`
	`543`	`+ @Test`
	`544`	+ fun `decode and re-encode non-canonically encoded invoice`() {
	`545`	`+ // invoice encoding is not canonical: 5000m should be 5`
	`546`	`+ val encodedInvoice = createInvoiceUnsafe(5.btc.toMilliSatoshi()).copy(encodedAmount = "5000m").write()`
	`547`	`+ assertTrue { encodedInvoice.startsWith("lnbcrt5000m") }`
	`548`	`+ val invoice = Bolt11Invoice.read(encodedInvoice).get()`
	`549`	`+ val reencodedInvoice = invoice.write()`
	`550`	`+ assertEquals(encodedInvoice, reencodedInvoice)`
	`551`	`+ }`
	`552`	`+`
`543`	`553`	`companion object {`
`544`	`554`	`fun createInvoiceUnsafe(`
`545`	`555`	`amount: MilliSatoshi? = null,`
`@@ -576,5 +586,4 @@ class Bolt11InvoiceTestsCommon : LightningTestSuite() {`
`576`	`586`	`).sign(privateKey)`
`577`	`587`	`}`
`578`	`588`	`}`
`579`		`-`
`580`	`589`	`}`