Can also use a negative price! I wonder what would happen if you went ahead with that. Presumably the payment gateway wouldn't pay me $5. Seems a strange choice to be having those parameters in a GET.
Everything that can be modified by the user is not suitable.
The price must be stored on the server side, everything on the client side is subject to modification.
The price is checked server side. You have to pass the price somehow to the client in order to display it. This is no different than any other ecommerce site, except that you can see it in a GET param.
I can "change the price" of anything on Amazon with dev tools, but that won't help me when I go to buy it. I appreciate the concern because amazingly this has been a real vulnerability on sites before (recently on a crypto exchange I think).
Sure you can overpay if you want, and you can underpay and not get the tickets you are trying to obtain fraudulently. It's only a problem if the vendor actual sends you product that you didn't pay for. This isn't an instant digital download.
It is checked server-side. I understand why people are concerned that the price is passed in a way that they can see vs grabbed via javascript or another method like most other sites, but that doesn't change the responsibility to check the data server-side. I can edit my POST requests to Amazon but they better not sell me stuff for $0, and neither will this site.
Once upon a time, my fav food ordering place had the discount encoded in the URL. Couldn't stop myself from trying, reduced the price by a very small number and it actually worked irl!