eclair icon indicating copy to clipboard operation
eclair copied to clipboard
verified publisher icon ACINQ

Eclair incorrectly parses BOLT 11 invoices with invalid fallback addresses

Open erickcestari opened this issue 5 months ago • 3 comments

Eclair fails to validate fallback addresses in BOLT 11 invoices and incorrectly parses invoices that should be rejected.

During invoice decoding (parsing a BOLT 11 string), the flow is:

  1. fromString() calls Codecs.bolt11DataCodec.decode()
  2. The codec directly creates FallbackAddress(version, data) using the case class constructor
  3. FallbackAddress.apply() is never called during decoding (which has validations)
  4. Only toAddress() gets called later when someone requests the fallback address
Invoice deserialization failed for lnbc1qzupp9qsp5pvgsuqqpgczuppczc3pcz3syzy8q2xqqqqqqqqqqqqqqqqqygh9qpp5s7zxqqqqqqqqqqyqymqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqhp5qs97qqqqqqqpqqyqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqptfqptfqptfqptfqptfqptfqptfqptfq95xtfqptfqp3w9chzut3w9chj95xw7tfpp35qqqw9chzuqt3w9chzut3qptfqptfqptfqptfqptfqptfqpqw9cqqqqt28y39
Module: Ldk
Result: ParseError(InvalidSegWitProgramLength)
Module: Clightning
Result: Invoice decode failed: f: witness v11 bad length 0
Module: Eclair
Result: HASH=8784600000000000008026c00000000000000000000000000000000000000000;PAYMENT_SECRET=0b110e00014605c08702c443814604110e0518000000000000000000000445ca;AMOUNT=0;DESCRIPTION=;METADATA=;RECIPIENT=0257df70dd2388826f22b769bee674cd1375aa06920d1744330fd301c8415aeafd;DESCRIPTION_HASH=040be00000000010008000000000000000000000000000000000000000000000;EXPIRY=3600;TIMESTAMP=96502944;FALLBACK_ADDRESS=bc1tqeq7ku;MIN_CLTV=18;FEATURES=

erickcestari avatar Aug 01 '25 19:08 erickcestari

Thanks for the report! I don't know if we care though, since eclair only supports paying invoices using lightning and will never use the fallback address. We've also mentioned during the last spec meeting that we'd like to deprecate fallback addresses entirely: application should rather use BIP21 URI to allow paying via different layers.

t-bast avatar Aug 19 '25 08:08 t-bast

Thanks for the report! I don't know if we care though, since eclair only supports paying invoices using lightning and will never use the fallback address. We've also mentioned during the last spec meeting that we'd like to deprecate fallback addresses entirely: application should rather use BIP21 URI to allow paying via different layers.

Okay, since the plan is to deprecate fallback addresses, feel free to close this issue.

erickcestari avatar Aug 19 '25 10:08 erickcestari

Let's keep it open to see if node operators signal that they need this!

t-bast avatar Aug 20 '25 07:08 t-bast