lightning-browser-extension: Invalid invoice (LNURL invoice check rejects invalid LNURL invoice)

Describe the bug

An invoice which contains route hints is considered invalid by Alby. The GUI reports following:

Payment aborted. Invalid invoice

To Reproduce Steps to reproduce the behavior:

  1. Visit to https://ln.anyone.eu.org/meta1.html
  2. Click on Alby extension button (which should be activated since the site contains appropriate meta tag).
  3. Click the Send Satoshis button.
  4. Click the Confirm button.
  5. See error

Expected behavior The payment process should be initiated with no Invalid invoice message, like when you do the same at https://ln.anyone.eu.org (which targets at anyone@coinos.io).

Information About Alby

  • Alby Version: 1.6.0
  • Alby installed through browser stores
  • Wallet connected with Alby: Alby LND

Device Information [optional]:

  • OS: Linux
  • Browser: Google Chrome (stable)
  • Browser Version: Version 98.0.4758.102 (Official Build) (64-bit)

Additional context The issue is not present when paying justsmile@stacker.news instead of anyone@ln.anyone.eu.org so here are the decoded invoices of the two:

$ lnaddr.sh justsmile@stacker.news 15000                                     
https://stacker.news/api/lnurlp/justsmile/pay?amount=15000
{"pr":"lnbc150n1p3rnd33pp5qrvzeyvn4j3454pg7a959l4mdhjp5hkg8khgj27gvttuf2y4zn7qhp5rh2046zf4yykuc77pt926gfrq9xmdyg7qmsqckq434q707d2ga7scqzpgxqr23ssp5gf8k52y73mpscsh4yuv8zz89mvg0mhwm76p39d0f73ctlvt49yzq9qyyssqfhwy0qa0377p2slghhxg4je6xxa4x609y39lvhwappy2p3pt977qp72ed2qsd07cgs5y5p5k50eznptqamaypsdzhq8xukvn6nxwdagp8xhcg0"}
$ lightning-cli decode lnbc150n1p3rnd33pp5qrvzeyvn4j3454pg7a959l4mdhjp5hkg8khgj27gvttuf2y4zn7qhp5rh2046zf4yykuc77pt926gfrq9xmdyg7qmsqckq434q707d2ga7scqzpgxqr23ssp5gf8k52y73mpscsh4yuv8zz89mvg0mhwm76p39d0f73ctlvt49yzq9qyyssqfhwy0qa0377p2slghhxg4je6xxa4x609y39lvhwappy2p3pt977qp72ed2qsd07cgs5y5p5k50eznptqamaypsdzhq8xukvn6nxwdagp8xhcg0
{
   "type": "bolt11 invoice",
   "currency": "bc",
   "created_at": 1647949361,
   "expiry": 10800,
   "payee": "03cc1d0932bb99b0697f5b5e5961b83ab7fd66f1efc4c9f5c7bad66c1bcbe78f02",
   "msatoshi": 15000,
   "amount_msat": "15000msat",
   "description_hash": "1dd4fae849a9096e63de0acaad2123014db6911e06e00c58158d41e7f9aa477d",
   "min_final_cltv_expiry": 40,
   "payment_secret": "424f6a289e8ec30c42f527187108e5db10fddddbf68312b5e9f470bfb1752904",
   "features": "024200",
   "payment_hash": "00d82c9193aca35a5428f74b42febb6de41a5ec83dae892bc862d7c4a89514fc",
   "signature": "304402204ddc4783af8fbc1543e8bdcc8acb3a31bb5369e5244bf65ddd0848a0c42b2fbc022000f9596a8106bfd844284a0696a3f2298560eefa40c1a2b80e6e5993d4cce6f5",
   "valid": true
}

Now the other invoice produced by CLN (c-lightning) which has issues in Alby:

$ ./lnaddr.sh anyone@ln.anyone.eu.org 15000                                    
Enter comment (maxLength: 255): forAlby
https://signetfaucet.bublina.eu.org/cgi-bin/lnurl.sh?amount=15000&comment=forAlby
{"pr":"lnbc150n1p3rnwm8pp5ks2uhszpsscwk35m7tsz5daqengsjpmulew5zs4fnjlpdgan2r2sdqa235xzmntypuk7afpypnx7ujpd338jxqyjw5qcqpjsp5ex6625qahu45uerr34xxcw00nu5cdf6dlexqup3nq3jgwz7dj2vqrzjq2rguyhnyqrnetgv99vugf2el08ar23jdl9egdyja4ls9jvzp23ejz40qsqqrcgqqqqqqqlgqqqqqqgq9q9qyysgqcrlhyz4qgqehsrwt6flq5a2cka0njglrlaf0q3ath8zuhyc2xm6xnwykmtuy840z6mphrzu2zy4m45dy08ewhemx8vdpsswy6y7snncpgtz30a"}
$ lightning-cli decode lnbc150n1p3rnwm8pp5ks2uhszpsscwk35m7tsz5daqengsjpmulew5zs4fnjlpdgan2r2sdqa235xzmntypuk7afpypnx7ujpd338jxqyjw5qcqpjsp5ex6625qahu45uerr34xxcw00nu5cdf6dlexqup3nq3jgwz7dj2vqrzjq2rguyhnyqrnetgv99vugf2el08ar23jdl9egdyja4ls9jvzp23ejz40qsqqrcgqqqqqqqlgqqqqqqgq9q9qyysgqcrlhyz4qgqehsrwt6flq5a2cka0njglrlaf0q3ath8zuhyc2xm6xnwykmtuy840z6mphrzu2zy4m45dy08ewhemx8vdpsswy6y7snncpgtz30a
{
   "type": "bolt11 invoice",
   "currency": "bc",
   "created_at": 1647950695,
   "expiry": 604800,
   "payee": "032de5c0f28f9d7d10c0c0b5ec92e83f9bf40def2bf40181c0f4330c57e58a8605",
   "msatoshi": 15000,
   "amount_msat": "15000msat",
   "description": "Thank you! forAlby",
   "min_final_cltv_expiry": 18,
   "payment_secret": "c9b5a5501dbf2b4e64638d4c6c39ef9f2986a74dfe4c0e06330464870bcd9298",
   "features": "024100",
   "routes": [
      [
         {
            "pubkey": "02868e12f320073cad0c2959c42559fbcfd1aa326fcb943492ed7f02c9820aa399",
            "short_channel_id": "700164x481x0",
            "fee_base_msat": 1000,
            "fee_proportional_millionths": 1,
            "cltv_expiry_delta": 40
         }
      ]
   ],
   "payment_hash": "b415cbc0418430eb469bf2e02a37a0ccd109077cfe5d4142a99cbe16a3b350d5",
   "signature": "3045022100c0ff720aa04033780dcbd27e0a7558b75f3923e3ff52f047abb9c5cb930a36f4022069b896daf843d5e2d6c3718b8a112bbad1a479f2ebe7663b1a1841c4d13d09cf",
   "valid": true
}

For lnaddr.sh script, have a look at https://github.com/jsarenik/cls.

Are you working on this issue? No, but let me know how can I help.

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 38 (7 by maintainers)

Commits related to this issue

Most upvoted comments

great! happy we could solve it and it works! đź‘Ť

+4
bumi on Apr 4, 2022

if this is the lnurl-pay response: https://ln.anyone.eu.org/.well-known/lnurlp/anyone

metadata":“[["text/identifier", "anyone@ln.anyone.eu.org"], ["text/plain", "anyone"]]”

then I think it checks the hash of [["text/identifier", "anyone@ln.anyone.eu.org"], ["text/plain", "anyone"]] - the hash of the stringified version of the metadata JSON.

does that help? do you include the text/identifier? this seems to be missing here: https://github.com/jsarenik/bitcoin-faucet-shell/blob/master/cgi-bin/lnurl.sh#L72 at least it is not using the same metadata as returned by the lnurl-pay JSON response.

+4
bumi on Apr 3, 2022

@jsarenik:

echo '{"method":"getinfo","params":{},"jsonrpc":"2.0","id":"0"}' | nc -U ~/.lightning/bitcoin/lightning-rpc

But do it with the invoice stuff instead.

+1
fiatjaf on Mar 31, 2022

I call lightning-cli from shell.

$ desc=test
$ lightning-cli -k invoice msatoshi=1000 label="lnurlp-test-$RANDOM" description="[[\"text/plain\", \"$desc\"]]" deschashonly=true
{
   "code": -32602,
   "message": "description: should be a string (without \\u): invalid token '[[\"text/plain\", \"test\"]]'"
}
+1
jsarenik on Mar 30, 2022

Pseudocode:

handle('/.well-known/lnurlp/username') => {
  return {
    ...,
    metadata: '[["text/plain", "my description"]]',
    callback: 'https://service.com/callback'
  }
}

handle('/callback') => {
  return {
    pr: make_invoice(description_hash=sha256('[["text/plain", "my description"]]', msatoshi=request.qs.amount))
  }
}
+1
fiatjaf on Mar 30, 2022

The h tag is the description_hash, see bolt11: https://github.com/lightning/bolts/blob/master/11-payment-encoding.md#tagged-fields=

+1
fiatjaf on Mar 30, 2022

Read https://github.com/fiatjaf/lnurl-rfc/blob/luds/06.md, @jsarenik.

The “metadata” field is this JSON string which is an array of properties. That is what should be hashed for the description_hash. The wallet will check if bolt11.invoice_description == sha256(metadata).

+1
fiatjaf on Mar 30, 2022

great, I updated the title to mention the LNURL invoice check. keep me posted, I did not know that LNURL-pay is not possible with a clightning node right now.

+1
bumi on Mar 25, 2022

For the record: I am pretty sure this issue is not because of routing hints or similar. This issue is because of the LNURL described validations of the invoice. In this case the invoice (requested through LNURL-pay) does not pass the validation. (amount, description_hash must be the hash of the LNURL metadata, …)

see also: https://github.com/getAlby/lightning-browser-extension/pull/735#issuecomment-1077440267

+1
bumi on Mar 24, 2022
Read more comments on GitHub
← 10101: Cannot accept value that would put our exposure to dust HTLCs
candy-api: Unable to login to hub, API responds with "Call to a member function encodedId() on null"" →