Rizful.com on Nostr: Yes, we realized during implementation of NWC for Rizful.com that there are some ...
Yes, we realized during implementation of NWC for Rizful.com (npub1jlu…p2kq) that there are some tricky race conditions with payments and budgets considering that a Lightning payment can be "in-flight" for quite a long time... there is a potential attack on a NWC user where an attacker could exceed the user's budget if the attacker submits a lot of payment requests all at once and the user's NWC wallet service isn't properly tracking payments 'in-flight'!
Published at 2025-02-10 19:29:49
Event JSON
{
"id": "7decfcbfbf20077edc0c8eeb97ff74e8c2758e969b200e1609e9f37bcabf1e47",
"pubkey": "97f848adcc4c6276685fe48426de5614887c8a51ada0468cec71fba938272911",
"created_at": 1739215789,
"kind": 1,
"tags": [
[
"p",
"c6f7077f1699d50cf92a9652bfebffac05fc6842b9ee391089d959b8ad5d48fd",
"",
"mention"
],
[
"e",
"5d2b8e6571b1c3c61340b005c6e481eb8f95bb8c6fc9ff0e8c14f8f09fe90498",
"",
"root"
],
[
"p",
"460c25e682fda7832b52d1f22d3d22b3176d972f60dcdc3212ed8c92ef85065c"
],
[
"p",
"97f848adcc4c6276685fe48426de5614887c8a51ada0468cec71fba938272911",
"",
"mention"
]
],
"content": "Yes, we realized during implementation of NWC for nostr:npub1jluy3twvf338v6zlujzzdhjkzjy8ezj34ksydr8vw8a6jwp89ygshpp2kq that there are some tricky race conditions with payments and budgets considering that a Lightning payment can be \"in-flight\" for quite a long time... there is a potential attack on a NWC user where an attacker could exceed the user's budget if the attacker submits a lot of payment requests all at once and the user's NWC wallet service isn't properly tracking payments 'in-flight'!",
"sig": "912869314c8efa963289c53cf47c6a245cc009d89601fca4521ef97f393759c4b0d3256aabee3489a641489b210f20d19a7cac523ef9e3c889d802874eb305af"
}
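The budget check the post describes, as an added example that is not part of the original post or Rizful's code: a per-connection ledger that reserves budget before a payment is dispatched, so in-flight payments count against the limit, shown next to the flawed variant that only counts settled payments. The class, its method names, the `count_in_flight` switch and the millisatoshi amounts are assumptions for illustration.

```python
import threading

class BudgetLedger:
    """Hypothetical per-connection budget tracker; amounts in millisatoshis."""
    def __init__(self, budget_msat, count_in_flight=True):
        self.budget = budget_msat
        self.count_in_flight = count_in_flight  # False models the flawed service
        self.settled = 0       # total of completed payments
        self.in_flight = {}    # payment_id -> amount reserved, not yet resolved
        self._lock = threading.Lock()

    def reserve(self, payment_id, amount):
        """Check and reserve budget in one atomic step, before dispatching."""
        with self._lock:
            if amount <= 0 or payment_id in self.in_flight:
                return False
            committed = self.settled
            if self.count_in_flight:
                committed += sum(self.in_flight.values())
            if committed + amount > self.budget:
                return False
            self.in_flight[payment_id] = amount
            return True

    def settle(self, payment_id):
        """Payment succeeded: the reservation becomes settled spend."""
        with self._lock:
            self.settled += self.in_flight.pop(payment_id)

    def release(self, payment_id):
        """Payment failed or timed out: hand the reservation back."""
        with self._lock:
            self.in_flight.pop(payment_id, None)

    def exposure(self):
        """Worst-case spend if every in-flight payment eventually succeeds."""
        with self._lock:
            return self.settled + sum(self.in_flight.values())

def simulate_burst(budget, amount, requests, count_in_flight):
    """Constructed scenario: a burst of pay requests, none settled yet."""
    ledger = BudgetLedger(budget, count_in_flight)
    threads = [threading.Thread(target=ledger.reserve, args=(f"req-{i}", amount))
               for i in range(requests)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return ledger
```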