cmd/payments: reject invoices without payment secret or blinded paths

Ensure that a payment is only sent if the invoice includes either a
payment address (payment secret) or at least one blinded path. This
enforces invoice security requirements and prevents insecure payment
attempts.

Author: erickcestari

cmd/commands/cmd_payments.go

@@ -588,6 +588,14 @@ func SendPaymentRequest(ctx *cli.Context, req *routerrpc.SendPaymentRequest,
 			amt = invoiceAmt
 		}
 
+		// An invoice must include either a payment address or
+		// blinded paths.
+		if (len(decodeResp.PaymentAddr) == 0) &&
+			decodeResp.BlindedPaths == nil {
+			return fmt.Errorf("invoice must contain either a " +
+				"payment address or blinded paths")
+		}
+
 		// Calculate fee limit based on the determined amount.
 		feeLimit, err = retrieveFeeLimit(ctx, amt)
 		if err != nil {

docs/release-notes/release-notes-0.20.0.md

@@ -63,6 +63,8 @@
 # Technical and Architectural Updates
 ## BOLT Spec Updates
 
+* [Required invoices to include a payment address or blinded paths](https://github.com/lightningnetwork/lnd/pull/9752) to comply with updated BOLT specifications before accepting payments.
+
 ## Testing
 
 ## Database
@@ -72,3 +74,5 @@
 ## Tooling and Documentation
 
 # Contributors (Alphabetical Order)
+
+Erick Cestari