Can the secret amount passed to recipient be different from the committed amount?

Question

As I (roughly) understand it, every tx output has a public amount Pedersen commitment and also the real amount (along with a blinding factor) is encrypted such that only the recipient can know it.

My question is twofold:

1. What prevents the party creating the output from putting the wrong amount into the secret such that recipient is unable to generate the correct commitment when trying to spend it?

2. If nothing prevents this, then how does the code handle this case once the receiving party receives it? This utxo would seem to be unspendable unless the recipient can somehow obtain or guess the true amount.

Answer 1

Just to avoid confusion: regarding the amount, the payee receives:

1. A Pedersen commitment of the amount hidden with a blinding factor
2. An encrypted representation of the amount

both the blinding factor and 2) are calculated via a diffie-hellman-like "secret" (aka both payer and payee -and only them- can calculate the "secret" and hence the unencrypted, actual amount and the blinding factor)

So the payee decrypting 2) can check the value is the right one for their deal, then having calculated also the blinding factor can check the Pedersen commitment binds to the same value (which is important because it's via the commitment that inputs and outputs balance are checked by the network ... but that's another topic...)

Perhaps it can help you (disclaimer: it's mine): https://www.getmonero.org/library/RctCheatsheet20210604.pdf

Answer 2

1. A spender cannot use a different amount in the output commitment than is attached to the tx as the recipient would fail to decode and thus it wont be added to the wallet balance.

2. It is prevented per the above point (there's no incentive to do this). Furthermore, note the mask and amount encoding/decoding is deterministic, so any attempt to tamper is futile.