It does, but the zapper key itself can be a random key. Is the concern that #[5] had to use his privkey ? Maybe I misunderstood.
Damus validates that the nostrPubkey matches the zap pubkey, and also validates the deschash
Please Login to reply.
More clients should probably check this not all of them do
That’s really bad. zaps are completely broken without that check.
Yeah I did a fake zap to #[9] and could see it on snort
