lnrpc/invoicesrpc: clamp down on max invoice size

In this commit, we move to clamp down somewhat on the max invoice size
after the limit was removed as part of the mpp changes. In #4210, it was
reported that a value of -1 would underflow and end up as 18 million
BTC, which would trip checks w.r.t the max expressible value in mSAT.
In this commit, we clamp things down to 100k BTC, which should be more
than enough for anybody.

Fixes #4210.
Olaoluwa Osuntokun 2020-04-21 16:42:52 -07:00
parent b4e98874de
commit 1e51ec0a2d
No known key found for this signature in database
GPG Key ID: BC13F65E2DC84465

@ -156,10 +156,22 @@ func AddInvoice(ctx context.Context, cfg *AddInvoiceConfig,
len(invoice.DescriptionHash)) len(invoice.DescriptionHash))
} }
// We set the max invoice amount to 100k BTC, which itself is several
// multiples off the current block reward.
maxInvoiceAmt := btcutil.Amount(btcutil.SatoshiPerBitcoin * 100000)
switch {
// The value of the invoice must not be negative. // The value of the invoice must not be negative.
if invoice.Value < 0 { case invoice.Value < 0:
return nil, nil, fmt.Errorf("payments of negative value "+ return nil, nil, fmt.Errorf("payments of negative value "+
"are not allowed, value is %v", invoice.Value) "are not allowed, value is %v", invoice.Value)
// Also ensure that the invoice is actually realistic, while preventing
// any issues due to underflow.
case invoice.Value.ToSatoshis() > maxInvoiceAmt:
return nil, nil, fmt.Errorf("invoice amount %v is "+
"too large, max is %v", invoice.Value.ToSatoshis(),
maxInvoiceAmt)
} }
amtMSat := invoice.Value amtMSat := invoice.Value
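Review bot: The `case invoice.Value < 0:` arm looks unreachable if `invoice.Value` is an unsigned milli-satoshi type, which the `ToSatoshis()` call and the underflow described in the commit message both suggest. In that case a negative RPC amount is caught only by the new `maxInvoiceAmt` arm after it has already wrapped, so the caller gets a "too large" error quoting the wrapped number rather than a negative-value error. I would reject the negative amount where the signed request field is converted (outside this hunk) and keep this cap as a second check, with a comment such as `// NOTE: Value is unsigned here; a negative request wraps and is caught by the cap below.` It would also help to lift the cap into a package-level constant so other invoice-creation paths can apply the same bound, and to add a test that covers -1 and cap+1. AddInvoice's body starts and ends outside the hunk.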