zaps@derekross.me
Discussion
Everything looks fine from the outside. Prob bug with the plugin or LNbits.
https://github.com/lnbits/lnurlp/commit/efb2eef32371a2837c0377708d13bff915958f55
it did not in-fact fix zaps.
Oof reverting to 0.4.0 crashed LNBits ๐
My man just use your Strike lightning address to receive zaps ๐
Test zap plz sir. Got 0.4.0 working.
Zap went through, but no receipt published
Rage. Thank you.
oh it looks like that commit is from a newer release. gotta figure out how to manually get this version since it's not in the lnbits extension market yet.
Iโd just wait cause you probably need this too
i hope this is pushed to prod soon so i can install this version via linbits. this is going to annoy me something fierce until it's fixed ๐
Your going to be more than annoyed if you get rugged because of the security vulns that nostr:npub12262qa4uhw7u8gdwlgmntqtv7aye8vdcmvszkqwgs0zchel6mz7s6cgrkj talked about ๐
I wish he'd provide a writeup on that or link the existing note because its very possible it was fixed awhile ago
itโs more their track record; I have only explored a certain portion of their code only
like 2 years ago, I had to annoy them for months before an SQL injection bug got fixed (it was simple also, they were passing field names from request body directly to the DB)
they also took a month of pestering to fix a bug that allowed draining Eclair nodesโฆ with a hodl invoice (yes, you just wait 30 seconds)
their satsdice plugin had improper access control, meaning invoice keys meant to be receive only could drain wallets
maybe this PR will fix the problem https://github.com/lnbits/lnurlp/pull/67