What is Nostr?
ferret / Lady Ferret
npub1gvy…yn0t
2023-08-08 01:34:42
in reply to nevent1q…84ue

ferret on Nostr: Was taught today by smart dev that zapple pay code is not safe. Told not to use it. ...

Was taught today by smart dev that zapple pay code is not safe. Told not to use it.

Zapple pay stores the key to your wallet in the clear. The owner of zapplepay could just drain all connected wallets, or get hacked and have same effect

At large scale (zapplepay) it becomes an attractive target

If this becomes the preferred way for people to use nostr, then the nostr client becomes a defacto custodial wallet, even though they may not be focusing on that.

It's a change from a "push" based payment to a "pull" based one. The responsibility for security of customer funds now rests on the nostr client. How much: All of it? None of it? Some of it? Do they even want that?

If an exploit is found, or bug introduced - hackers will very quickly exploit it to its maximum (one of the best things about lightning! but also one of the most challenging). Even with limits set, that can be a lot of money, and a lot of damage to everybody involved.
Author Public Key
npub1gvy07gxw6uu8rd57mz72mg4q2x7r5ptpp5gc832dv768e58hqd0q5nyn0t