I've seen zap requests with maaaany relays (which could be considered an attack vector)
and I think some private zaps are also rather big - but I honestly don't know the spec there.
we currently have a size limit on metadata and saw some zaps failing because of that.
The relay list in the zap event comes from the client that does the zapping, right?
Yes. But it's not just the relay list, the `pzap` (encrypted zap content afaik) is rather big, also for short zap comments (maybe because of the padding?)
Yeah, that list comes from the inbox relays the user is using. Amethyst for instance just adds them all. So if a user has 20+ inbox relays (which should be only 3), all 20 get into the list.
This is a general problem of poor relay management since many of those relay are offline or are paid and the user is not even paying for it.
