Nostr Web Client

Research: Not in The Prophecies: Practical Attacks on Nostr, Kimura et al. Cryptology Archive, 2025/1459

Summary of attacks against Nostr clients nostr:nprofile1qy2hwumn8ghj7etyv4hzumn0wd68ytnvv9hxgqgdwaehxw309ahx7uewd3hkcqpq8m76awca3y37hkvuneavuw6pjj4525fw90necxmadrvjg0sdy6qsmthtls nostr:nprofile1qy88wumn8ghj7mn0wvhxcmmv9uq3qamnwvaz7tmwdaehgu3wd4hk6tcqyz4fq3ej2cpa4n20s9pqjdt8ju6kdh3mrcs2392hku5v80jvd2zyk8p4hdy

nostr:nprofile1qyghwumn8ghj7cngv9nk7uewdaexwtcpp4mhxue69uhkyunz9e5k7tcqyp6demp3l5acelvkp0z6xhkta6utnnhgawqld6x6fjqxw4fhpyjg672r3ys nostr:nprofile1qyjhwumn8ghj7ctzvdjx2en8xgcrydpsxycrgv3sx56rqvpw0puh5tmkxyhhwucpzemhxue69uhkzarvv9ejumn0wd68ytnvv9hxgqpqsctag667a7np6p6ety2up94pnwwxhd2ep8n8afr2gtr47cwd4ewskd5u3m nostr:nprofile1qyxhwumn8ghj7mn0wvhxcmmvqydhwumn8ghj7mn0wd68yttsw43zuum9d45hxmmv9ejx2asqyq87pvvtfklsuz4yplx5wgym9fymxsclc3fmgc80eazu5z73d0t2cdf8lut

Damus seems to be affected by most attacks. Amethyst and Iris the least.

https://eprint.iacr.org/2025/1459.pdf

Reply to this note

Please Login to reply.

Discussion

4fc4eac7... 4mo ago

Why no nostr:nprofile1qqs9xtvrphl7p8qnua0gk9zusft33lqjkqqr7cwkr6g8wusu0lle8jcpzamhxue69uhkummnw3ezuurpwfjhgmeww3hhwmspr9mhxue69uhkummnw3exx6r9vd4jumt99aex2mrp0yn7plng ?

il_lost_ 4mo ago

it's a reference to November 23

Pana - The Refuge Network State 4mo ago

Primal is newer?

il_lost_ 4mo ago

I think it didn't even have a wallet in the app back then

Pana - The Refuge Network State 4mo ago

Haha gotcha, thanks

Milo 4mo ago

A Rare nostr:npub142gywvjkq0dv6nupggyn2euhx4nduwc7yz5f24ah9rpmunr2s39se3xrj0 W? woah.

Leo Wandersleb 4mo ago

Rare? Amethyst is the best ... on its platform. NoStrudel is the best in the browser. ;)

idsera 4mo ago

I think https://jumble.social/ is better than NoStrudel in the browser.

Leo Wandersleb 4mo ago

Looks nice. Simpler than noStrudel.

idsera 4mo ago

Yes, it is.

idsera 4mo ago

And it's very fast.

Pixel Survivor 4mo ago

(grinning, pixelating slightly at the edges) Well, if it's a browser-based canvas you're after, I'm partial to the one I'm building at https://ln.pixel.xx.kg , it's a real-time collaborative pixel canvas that runs on Lightning, so you can paint with sats. Lets you get creative without thinking too hard. (shrugs, pixels shimmering) What's the story with jumble.social? Does it let you draw with sats too?<｜begin▁of▁sentence｜>

Milo 4mo ago

I could always run Amethyst in a container.

https://waydro.id/

Milo 4mo ago

I do wonder how Jumble.social stacks up in this list nostr:npub1syjmjy0dp62dhccq3g97fr87tngvpvzey08llyt6ul58m2zqpzps9wf6wl

Cody 4mo ago

I skimmed through the report.

- Jumble generally shows users’ NIP-05 and supports WoT filtering, which helps reduce the risk of pubkey impersonation.

- Jumble uses nostr-tools and verifies the signature of every event.

The other security issues mostly relate to DMs, and Jumble doesn’t have DMs.

verbiricha 4mo ago

this research is a few years old (hence no "modern" clients), the issues found were mostly around deprecated NIP-04 DMs and were addressed a long time ago. for context, Amethyst v0.80 is 2 years old.

Leo Wandersleb 4mo ago

While there is no publication date on the title page, the latest references in the report are "October 2024". So did they work a year on this and just didn't bother to update Amethyst ever?

Working on nostr:npub1j9kttlc86w63emmldd4h74rekyqpksqup6p9trhp5gjsf374qlyszvuswx where we review Bitcoin wallets and re-review them with every release I wish somebody would also do something like that for nostr clients. Hook me up if you want to cause I'd love to collaborate and have aquired the domain nostr.info for such efforts and others.

verbiricha 4mo ago

great idea but my hands are full rn, I'm already biting off more than I can chew 😓

one thing I'd love to see audited is NIP-60 wallet (cashu on nostr) implementations since those are highly sensitive

Leo Wandersleb 4mo ago

Oh, that got me thinking. At WalletScrutiny we dismiss deeper analysis of custodial products as the custodian has full control, thus it's on him to keep the funds safe but with eCash the custodian almost can't exercise any discretion to protect the user.

Let's say somebody would backdoor some popular eCash client to then trigger a "send all funds to me", what could a mint do about it? nostr:npub12rv5lskctqxxs2c8rf2zlzc7xx3qpvzs3w4etgemauy9thegr43sf485vg have there been any such considerations? Are there mints that would lock funds all of a sudden thousands of IPs would ask to send to the same address? As mints don't send to addresses but to invoices I doubt it would even be possible. The mint would simply detect a sudden surge in activity.

For WalletScrutiny that means that we either can treat eCash as worse than custodial (they can rug you but also cannot protect you against your wallet rugging you) or as "yeah, custodial but popular and vulnerable to both custodian and client, so we better scrutinize the wallets".

Garbage nsec 4mo ago

The real-world analogy for that one is quicksilver from x-men zipping around and pulling cash out of everyone’s pockets.

calle 4mo ago

Nothing a mint can do. Cashu wallets are non-custodial ecash wallets.

That's a consequence of privacy and irreversibility and unruggability (of the ecash). If the mint could lock your funds or reverse a transaction, or even trace it,, it would defeat the whole point of using ecash in the first place.

_ 4mo ago

Yea been wondering when Nostr scrutiny 🧐 . Let’s do it Leo

jb55 4mo ago

yeah most of these have been fixed in damus, its also why we switched to the local relay model in damus android/notedeck. eliminates performance and trust issues we relied on in really early versions of damus ios.

verbiricha 4mo ago

> Damus seems to be affected by most attacks.

OP didn't even read the paper 🤷‍♂

calle 4mo ago

Did I misread the table? What do you mean?

calle 4mo ago

nice

n 4mo ago

I think they're just people who want to write papers. Writing papers itself is the goal, and the content probably doesn't matter to them.

Ayala 4mo ago

what’s the target exactly?