From c7f78ec126306b673717cd3024f8ae214f821ead Mon Sep 17 00:00:00 2001
From: benthecarman <15256660+benthecarman@users.noreply.github.com>
Date: Tue, 19 Sep 2023 02:41:53 -0500
Subject: [PATCH] Verify invoice amount in lightning address withdrawal
---
 api/resolvers/wallet.js | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/api/resolvers/wallet.js b/api/resolvers/wallet.js
index 1f9646a5df..2ab3264e4b 100644
--- a/api/resolvers/wallet.js
+++ b/api/resolvers/wallet.js
@@ -313,6 +313,10 @@ export default {
 throw new Error('description hash does not match')
 }
+ if (decoded.num_msat !== milliamount) {
+ throw new Err('invoice has incorrect amount')
+ }
+ // take pr and createWithdrawl
 return await createWithdrawal(parent, { invoice: res2.pr, maxFee }, { me, models, lnd })
 },
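Review bot: The added amount check throws `new Err(...)`, while the description-hash check just above throws `new Error(...)`; unless `Err` is defined outside the hunk, a mismatched invoice would surface as a ReferenceError instead of the intended message, so the line should read `throw new Error('invoice has incorrect amount')`. The withdrawal is still aborted either way, so the check fails closed, but the user and the logs get a misleading error. The strict `!==` also relies on `decoded.num_msat` and `milliamount` having the same type, which the hunk does not show; if the decoded field is a string and `milliamount` a number, every withdrawal would be rejected, so normalising both sides first (for example `String(decoded.num_msat) !== String(milliamount)`) would be safer. A short comment such as `// the LNURL endpoint is untrusted: reject an invoice whose amount differs from what the user requested` would record why the check exists. The resolver body starts outside the hunk.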