Damus validates that the nostrPubkey matches the zap pubkey, and also validates the deschash
More clients should probably check this not all of them do
Please Login to reply.
That’s really bad. zaps are completely broken without that check.
Yeah I did a fake zap to #[9] and could see it on snort
