Iβm trying to figure out why his nostr.band stats arenβt working
cc: nostr:npub1xdtducdnjerex88gkg2qk2atsdlqsyxqaag4h05jmcpyspqt30wscmntxy
Decentralization and censorship resistance are based, but wait until creators find out that nostr:nprofile1qqsrpl96thl42ve0gsah63ypz75uunzpgfrd0g2x8nry4ggtef6crdgpzfmhxue69uhhqatjwpkx2urpvuhx2ucpzemhxue69uhhyetvv9ujuurjd9kkzmpwdejhgqgawaehxw309ahx7um5wghx67t0wahxgctddehx7er99e3k7mgljk58c's first note has earned him almost $1,000. A value for value based circular economy is sexy as fuck.
Discussion
He broke it π
I wonder if it's on a batch process and it wasn't ran yet?
idk man 
Seems like LN invoices included by Primal in zap receipts have empty payment_hash field. The invoice parser I use discards those invoices as invalid. I guess I'll have to patch it, as this is an optional field for zap verification purposes - they generate a proper invoice for the actual payment.
They also strip the description/commit hash from the invoice in zap receipts, which seems to go against nip57: "SHA256(description) MUST match the description hash in the bolt11 invoice." It looks like I will have to strip this verification logic on my end since in practice many wallets violate nip57 anyway and everyone is just trusting the wallets.
i wish nostr apps did more verification of signed events π
zap verification is even bigger pain in the back and probably not worth it in terms of support requests ala "why are zaps not showing up?"
i had to do the same, we should probably just drop that MUST
at the end of the day you have to trust the zapper anyways, verification of the bolt11 just makes faking the zap slightly harder but not impossible
yeah, zap verification always seemed like a lot of work for not much gain against real bad actors
Should I log your initial missing payment_hash for Primal team nostr:npub1xdtducdnjerex88gkg2qk2atsdlqsyxqaag4h05jmcpyspqt30wscmntxy ?
Maybe a table for "Zap verification" across clients, with problematic cases in comments? My guess is many clients do very little of it, and if they eventually start doing it they might stumble on the same issues.
Seems ok to me. Is Damus verifying event signatures now? And zaps too?
damus ios has always verified zaps. it also verifies profile signatures so that noone can fake profiles. also when constructing threads it walks nostrdb which verifies all notes. we just haven't completed the full nostrdb migration everywhere yet.
PR for this https://github.com/nostr-protocol/nips/pull/1705
also be careful about albyhub zaps as well:
Thanks, that part works fine on my end
There you go
