Nostr Web Client

With zaps out and working, expect many bad actors on nostr. I suspect we will see a large wave of attacks from seemingly new accounts saying all sorts of nonsense.

Carlos 2y ago

If zaps were well designed, the arrival of bad actors would mean little.

But they're not:

- they're easy to fake (encourages low-level bad actors, like scammers and grifters)

- they're easy to DoS: For every incoming zap, the receiver zap node has to keep state and monitor the new invoice until it's settled. This means it's easy for an attacker to overload a zap node by just initiating (but not paying) new zaps. With one simple nostr message, the receiver now has to remember and monitor a new invoice. Multiply x100, x1000 => at some point, the receiver zap node runs out of memory, or is too busy monitoring "pending" zaps, that it cannot accept new ones.

- this brings with it centralization tendencies: Only companies with beefy servers will be able to withstand such attacks. This means simple LN node runners are on the losing side, because they would risk getting their node DoS-ed anytime if they support receiving zaps on their nodes.

State-level CBDC-friendly anti-bitcoin bad actors would in fact encourage zaps because it directly attacts the decentralization of LN nodes.

Reply to this note

Please Login to reply.

Discussion

Yuri Yerofeyev 2y ago

#[2]