Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

channeldb/invoice: only allow pay-addr lookup w/ no query hash #5209

Merged
merged 1 commit into from
Apr 14, 2021
Merged

channeldb/invoice: only allow pay-addr lookup w/ no query hash #5209

merged 1 commit into from
Apr 14, 2021

Conversation

cfromknecht
Copy link
Contributor

@cfromknecht cfromknecht commented Apr 13, 2021
edited
Loading

This PR fixes a regression introduced in #5108.

Without this check, it's possible to send a probe HTLC w/ a valid
payment address but invalid payment hash that gets settled. Because
there was no assertion that the HTLC's payment hash matches the
invoice, the link would fail when it receives an invalid preimage for
the HTLC on its commitment.

@cfromknecht cfromknecht force-pushed the constrain-pay-addr-lookup branch 2 times, most recently from 9b4b50c to 3acb38d Compare April 13, 2021 18:57
@cfromknecht
channeldb/invoice: only allow pay-addr lookup w/ no query hash
f8d201a 
Without this check, it's possible to send a probe HTLC w/ a valid
payment address but invalid payment hash that gets settled. Because
there was no assertion that the HTLC's payment hash matches the
invoice, the link would fail when it receives an invalid preimage for
the HTLC on its commitment.
@cfromknecht cfromknecht force-pushed the constrain-pay-addr-lookup branch from 3acb38d to f8d201a Compare April 13, 2021 19:44
Roasbeef
Roasbeef approved these changes Apr 13, 2021
View reviewed changes
Copy link
Member

@Roasbeef Roasbeef left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🐚

@Roasbeef Roasbeef enabled auto-merge April 13, 2021 22:32
@Roasbeef Roasbeef requested a review from halseth April 13, 2021 22:32
halseth
halseth approved these changes Apr 14, 2021
View reviewed changes
Copy link
Contributor

@halseth halseth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, LGTM 👍

@Roasbeef Roasbeef merged commit c760b01 into lightningnetwork:master Apr 14, 2021
@cfromknecht cfromknecht deleted the constrain-pay-addr-lookup branch April 14, 2021 17:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@halseth halseth halseth approved these changes

@Roasbeef Roasbeef Roasbeef approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cfromknecht @Roasbeef @halseth