The getBolt11 function also has an exploitable flaw:
It asks the external (!) Bolt11 server for parameters related to the user-provided address, and honors minSendable in a funny way:
$minAmount = $lnurlDetails->minSendable;
$payAmount = ($amount * 1000 > $minAmount) ? $amount * 1000 : $minAmount;
An attacker can use an address that leads to an attacker-controlled Bolt11 resolver, which returns an absurdly high minimum. The logic above will then use that (instead of the amount due)!
That's brutal.
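As an added illustration, not code from the project or a patch from the post's author: the quoted amount selection side by side with a version that treats the remote minSendable/maxSendable as grounds to refuse the payment, never as grounds to pay more than the amount due. The two LNURL-pay responses are constructed sample data, and $maxPayableMsat is an assumed local ceiling that the real code base may not have.

```php
<?php
declare(strict_types=1);

// Constructed sample responses (no real servers): what an LNURL-pay endpoint
// returns for /.well-known/lnurlp/<user>. minSendable/maxSendable are millisats.
$honestResponse = json_decode(
    '{"tag":"payRequest","minSendable":1000,"maxSendable":100000000000,'
    . '"callback":"https://example.invalid/cb"}'
);
// A resolver controlled by the attacker: minimum of 100 BTC (in msat).
$maliciousResponse = json_decode(
    '{"tag":"payRequest","minSendable":10000000000000,"maxSendable":20000000000000,'
    . '"callback":"https://attacker.invalid/cb"}'
);

// The logic as quoted above: the remote minSendable silently replaces the amount due.
function payAmountVulnerable(int $amountSats, object $lnurlDetails): int
{
    $minAmount = $lnurlDetails->minSendable;
    return ($amountSats * 1000 > $minAmount) ? $amountSats * 1000 : $minAmount;
}

// Hardened version (my suggestion, not the project's fix). The amount due is the
// only amount we are willing to pay; remote bounds can only cause a refusal.
function payAmountSafe(int $amountSats, object $lnurlDetails, int $maxPayableMsat = 500000 * 1000): int
{
    $msat = $amountSats * 1000;

    if (!isset($lnurlDetails->tag) || $lnurlDetails->tag !== 'payRequest') {
        throw new RuntimeException('not an LNURL-pay response');
    }
    // Reject missing, non-integer (e.g. floats like 1e20) or negative bounds.
    foreach (['minSendable', 'maxSendable'] as $field) {
        if (!isset($lnurlDetails->$field) || !is_int($lnurlDetails->$field) || $lnurlDetails->$field < 0) {
            throw new RuntimeException("invalid $field in LNURL-pay response");
        }
    }
    $min = $lnurlDetails->minSendable;
    $max = $lnurlDetails->maxSendable;
    if ($min > $max) {
        throw new RuntimeException('minSendable exceeds maxSendable');
    }
    // Local ceiling, independent of anything the remote side says.
    if ($msat > $maxPayableMsat) {
        throw new RuntimeException("amount $msat msat exceeds local ceiling $maxPayableMsat");
    }
    // Out of the recipient's range: refuse, do not adjust.
    if ($msat < $min || $msat > $max) {
        throw new RuntimeException(sprintf(
            'amount %d msat outside recipient bounds [%d, %d]', $msat, $min, $max
        ));
    }
    return $msat;
}

$due = 2100; // sats owed

printf("vulnerable, honest resolver:    %d msat\n", payAmountVulnerable($due, $honestResponse));
printf("vulnerable, malicious resolver: %d msat\n", payAmountVulnerable($due, $maliciousResponse));
printf("safe, honest resolver:          %d msat\n", payAmountSafe($due, $honestResponse));
try {
    payAmountSafe($due, $maliciousResponse);
} catch (RuntimeException $e) {
    printf("safe, malicious resolver:       refused (%s)\n", $e->getMessage());
}
```

With the malicious response the vulnerable function returns 10000000000000 msat (100 BTC) for a 2100 sat debt, while the hardened one refuses. Refusing is also what the LNURL-pay spec (LUD-06) expects of the paying side: the amount is chosen by the payer, the recipient's bounds only decide whether the payment proceeds, and the bolt11 invoice returned by the callback must be checked to carry exactly the amount that was requested before it is paid.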