Rolling out a small change to ZEUS Pay Zaplocker payments this morning:
Zaps are now broadcast when the sender makes the payment. Previously they were broadcast when the receiver redeemed them in their ZEUS wallet.
This should provide for a bit of a smoother UX for zappers.
More updates soon.
Does this mean I can see who zapped me before I accept the money?
Yes, you should be able to see it in your Nostr client.
What happens if the payment expires before it’s received?
The payment returns to the senders wallet.
The zap remains as you cannot unbroadcast Nostr events.
Seems exploitable.
Zap receipts are not intended to be a proof of payment. All it proves is that some nostr user fetched an invoice.
But in most cases if the invoice is unpaid the zap can’t be broadcasted. This opens up a window for someone to send a million sat zap to themselves that never gets paid.
The ZEUS system still requires a payment to be made to an invoice that we generated.
Your scenario isn’t really much different than just zapping yourself. It’s trivial to make it look like you received way more than you actually did without even writing any code.
With some basic skill anyone can make it look like they received 22M bitcoin in a single zap.
True, and I say this as someone who has zapped myself 1,000,000 sats. 😁
