Iirc we don't check that fees were paid but only allow the LN node to pay as much in fees as the user. We don't have a guarantee of making money anyway rn (could introduce a fee margin that's guaranteed to go to the gateway to fix this).

Right now the only check we have is if a contract is "underfunded", which essentially just compares the amount in the contract to the amount that the client tells the gateway to pay. The issue is that, if the gateway is charging a routing fee, we do not currently independently compute that fee. So malicious clients could create a contract that pays exactly the amount that the invoice is, and the gateway won't enforce that their fee is included.

This is hard to exploit currently since it requires a malicious client to not attach fees for the gateway. In practice though this probably can occur if a gateway changes their advertised fees, since it might not re-register with the federation for another ~10mins.

@elsirion let me know if you think this is still necessary, I think we're on the same page. This essentially just turns the under-funding of a contract (without fees) into an explicit error, whereas before the gateway would rely on routing on the LN to make a profit