Nostr Web Client

great idea but my hands are full rn, I'm already biting off more than I can chew 😓

one thing I'd love to see audited is NIP-60 wallet (cashu on nostr) implementations since those are highly sensitive

Oh, that got me thinking. At WalletScrutiny we dismiss deeper analysis of custodial products as the custodian has full control, thus it's on him to keep the funds safe but with eCash the custodian almost can't exercise any discretion to protect the user.

Let's say somebody would backdoor some popular eCash client to then trigger a "send all funds to me", what could a mint do about it? nostr:npub12rv5lskctqxxs2c8rf2zlzc7xx3qpvzs3w4etgemauy9thegr43sf485vg have there been any such considerations? Are there mints that would lock funds all of a sudden thousands of IPs would ask to send to the same address? As mints don't send to addresses but to invoices I doubt it would even be possible. The mint would simply detect a sudden surge in activity.

For WalletScrutiny that means that we either can treat eCash as worse than custodial (they can rug you but also cannot protect you against your wallet rugging you) or as "yeah, custodial but popular and vulnerable to both custodian and client, so we better scrutinize the wallets".

Reply to this note

Please Login to reply.

Discussion

Garbage nsec 3mo ago

The real-world analogy for that one is quicksilver from x-men zipping around and pulling cash out of everyone’s pockets.

calle 3mo ago

Nothing a mint can do. Cashu wallets are non-custodial ecash wallets.

That's a consequence of privacy and irreversibility and unruggability (of the ecash). If the mint could lock your funds or reverse a transaction, or even trace it,, it would defeat the whole point of using ecash in the first place.