quotingZaps are broken. There is a vulnerability/bug (depending on how you see it) where you could show off on social media that you zapped someone but you could just pay yourself.
nevent1q…39p6
Here’s how to reproduce it:
When you click zap, an invoice is fetched from a URL that looks like this
- https://stacker.news/api/lnurlp/02fbae2cc5/pay?SOMECRAP
- Replace 02fbae2cc5 with your own user ID and fetch the invoice and pay it, so you pay yourself. Check the post you’re trying to Zap, it will get updated saying you zapped them. LOL
https://snort.social/e/note1sxedhg4r6tyjamdtr7txzxda5e24tkfxh9amgxs5cpccw3e0v9vs36vfxq
This is an example post, Only one of my zap is real, 2 more I just paid myself.
#[0] found this out.
Carlos on Nostr: Other intrepid hackers finding issues with zaps #[0]
Other intrepid hackers finding issues with zaps