The invoiceAmount is dangerous because this is provided by the user's browser. Merchants cannot depend on this information. Malicious user can set invoiceAmount to be really small, and if the merchant uses it for verification they will ship the item.
The
invoiceAmountis dangerous because this is provided by the user's browser. Merchants cannot depend on this information. Malicious user can setinvoiceAmountto be really small, and if the merchant uses it for verification they will ship the item.