From c5d356e09b0806257ee684a72bb65e968d575e81 Mon Sep 17 00:00:00 2001
From: ffranr <robyn@lightning.engineering>
Date: Thu, 31 Oct 2024 12:50:45 +0000
Subject: [PATCH] rfq: add PaymentMaxAmt check to AssetPurchasePolicy

This commit adds a check to ensure that the outgoing HTLC `msat` amount
does not exceed the `PaymentMaxAmt` specified in the RFQ quote.
---
 rfq/order.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/rfq/order.go b/rfq/order.go
index 4df13ba45..7d29e1709 100644
--- a/rfq/order.go
+++ b/rfq/order.go
@@ -248,6 +248,9 @@ type AssetPurchasePolicy struct {
 	// BidAssetRate is the quote's asset to BTC conversion rate.
 	BidAssetRate rfqmath.BigIntFixedPoint
 
+	// PaymentMaxAmt is the maximum agreed BTC payment.
+	PaymentMaxAmt lnwire.MilliSatoshi
+
 	// expiry is the policy's expiry unix timestamp in seconds after which
 	// the policy is no longer valid.
 	expiry uint64
@@ -260,6 +263,7 @@ func NewAssetPurchasePolicy(quote rfqmsg.SellAccept) *AssetPurchasePolicy {
 		AssetSpecifier:  quote.Request.AssetSpecifier,
 		AcceptedQuoteId: quote.ID,
 		BidAssetRate:    quote.AssetRate,
+		PaymentMaxAmt:   quote.Request.PaymentMaxAmt,
 		expiry:          quote.Expiry,
 	}
 }
@@ -308,6 +312,15 @@ func (c *AssetPurchasePolicy) CheckHtlcCompliance(
 			assetAmt.String(), inboundAmountMSat)
 	}
 
+	// Ensure that the outbound HTLC amount is less than the maximum agreed
+	// BTC payment.
+	if htlc.AmountOutMsat > c.PaymentMaxAmt {
+		return fmt.Errorf("htlc out amount is more than the maximum "+
+			"agreed BTC payment (htlc_out_msat=%d, "+
+			"payment_max_amt=%d)", htlc.AmountOutMsat,
+			c.PaymentMaxAmt)
+	}
+
 	// Lastly, check to ensure that the policy has not expired.
 	if time.Now().Unix() > int64(c.expiry) {
 		return fmt.Errorf("policy has expired (expiry_unix_ts=%d)",