It looks very fishy.
The link that thr On button opens begins with âdamus:nostr:nscript1âŚâ and then a bech32 blob that after decoding contains âasmâ, ânostr_set_boolâ, âmemoryâ and some long binary stuff in between.
Why would you need such a long script to override a single boolean?
nostr:npub18m76awca3y37hkvuneavuw6pjj4525fw90necxmadrvjg0sdy6qsngq955 is this legit?
Donât trust, verify
nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s Is this a legit script? How can I parse it?
echo nscript⌠| bech32 -d > zap.wasm && wasm-objdump -x zap.wasm
nostrscripts are sandboxed. They canât do anything other than set boolean flags in your settings atm
Can it send an http request with my nsec to a third party?
Anyways, here is the script. I donât know much about WebAssembly, what does the last âdataâ operations do?
(module
(type $t0 (func (param i32 i32 i32) (result i32)))
(type $t1 (func))
(import "nostr" "nostr_set_bool" (func $nostr.nostr_set_bool (type $t0)))
(func $f1 (type $t1)
(drop
(call $nostr.nostr_set_bool
(i32.const 1056)
(i32.shr_u
(i32.load
(i32.const 1052))
(i32.const 1))
(i32.const 0))))
(memory $memory (export "memory") 1)
(start $f1)
(data $d0 (i32.const 1036) "\1c")
(data $d1 (i32.const 1048) "\02\00\00\00\0c\00\00\00n\00o\00z\00a\00p\00s"))
data defines wellâŚ. data. In this case its a utf16 string called ânozapsâ this is used as an argument to the nostr_set_bool function call:
nostr_set_bool(ânozapsâ, false)
This is the entire script
its not actually that long if you consider what it is. This is probably one of the smallest examples of a small, portable, sandboxed binary executable.
These will be used for executing turing complete algos, so I needed the flexibility of a portable executable.
