ferret on Nostr: Was taught today by smart dev that zapple pay code is not safe. Told not to use it. ...
Was taught today by smart dev that zapple pay code is not safe. Told not to use it.
Zapple pay stores the key to your wallet in the clear. The owner of zapplepay could just drain all connected wallets, or get hacked and have the same effect.
At large scale (zapplepay) it becomes an attractive target.
quoting note10wl…n7ml
If this becomes the preferred way for people to use nostr, then the nostr client becomes a de facto custodial wallet, even though they may not be focusing on that.
It's a change from a "push" based payment to a "pull" based one. The responsibility for security of customer funds now rests on the nostr client. How much: All of it? None of it? Some of it? Do they even want that?
If an exploit is found, or bug introduced - hackers will very quickly exploit it to its maximum (one of the best things about lightning! but also one of the most challenging). Even with limits set, that can be a lot of money, and a lot of damage to everybody involved.