diff --git a/common/bolt11.c b/common/bolt11.c
index db9209fdaa2f..0df70f9136ae 100644
--- a/common/bolt11.c
+++ b/common/bolt11.c
@@ -375,6 +375,18 @@ static const char *decode_f(struct bolt11 *b11,
 	size_t orig_len = *field_len;
 	const char *err;
 
+	/* Read version but don't commit to hash yet */
+	err = pull_uint(NULL, &orig_data, &orig_len, &version, 5);
+	if (err)
+			return tal_fmt(b11, "f: %s", err);
+
+	bool is_known_version = version == 17 || version == 18 || version < 17;
+
+	if (!is_known_version) {
+		return unknown_field(b11, hu5, data, field_len, 'f');
+	}
+
+	/* For known versions, process with hash */
 	err = pull_uint(hu5, data, field_len, &version, 5);
 	if (err)
 		return tal_fmt(b11, "f: %s", err);
@@ -429,10 +441,9 @@ static const char *decode_f(struct bolt11 *b11,
 		fallback = scriptpubkey_witness_raw(b11, version,
 						    f, tal_count(f));
 	} else {
-		/* Restore version for unknown field! */
-		*data = orig_data;
-		*field_len = orig_len;
-		return unknown_field(b11, hu5, data, field_len, 'f');
+		// This should be unreachable because all valid versions (17, 18, or <17)
+		// and invalid versions are caught above.
+		return tal_fmt(b11, "f: unknown version %"PRIu64, version);
 	}
 
 	if (b11->fallbacks == NULL)
@@ -1372,4 +1383,4 @@ char *bolt11_encode_(const tal_t *ctx,
 		output = tal_free(output);
 
 	return output;
-}
+}
\ No newline at end of file