nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s Is this a legit script? How can I parse it?
It looks very fishy.
The link that thr On button opens begins with “damus:nostr:nscript1…” and then a bech32 blob that after decoding contains “asm”, “nostr_set_bool”, “memory” and some long binary stuff in between.
Why would you need such a long script to override a single boolean?
nostr:npub18m76awca3y37hkvuneavuw6pjj4525fw90necxmadrvjg0sdy6qsngq955 is this legit?
Discussion
echo nscript… | bech32 -d > zap.wasm && wasm-objdump -x zap.wasm
nostrscripts are sandboxed. They can’t do anything other than set boolean flags in your settings atm
Can it send an http request with my nsec to a third party?
Anyways, here is the script. I don’t know much about WebAssembly, what does the last “data” operations do?
(module
(type $t0 (func (param i32 i32 i32) (result i32)))
(type $t1 (func))
(import "nostr" "nostr_set_bool" (func $nostr.nostr_set_bool (type $t0)))
(func $f1 (type $t1)
(drop
(call $nostr.nostr_set_bool
(i32.const 1056)
(i32.shr_u
(i32.load
(i32.const 1052))
(i32.const 1))
(i32.const 0))))
(memory $memory (export "memory") 1)
(start $f1)
(data $d0 (i32.const 1036) "\1c")
(data $d1 (i32.const 1048) "\02\00\00\00\0c\00\00\00n\00o\00z\00a\00p\00s"))
data defines well…. data. In this case its a utf16 string called “nozaps” this is used as an argument to the nostr_set_bool function call:
nostr_set_bool(“nozaps”, false)
This is the entire script