Oddbean new post about login | logout It looks very fishy. The link that thr On button opens begins with “damus:nostr:nscript1…” and then a bech32 blob that after decoding contains “asm”, “nostr_set_bool”, “memory” and some long binary stuff in between. Why would you need such a long script to override a single boolean? @damus is this legit?
@jb55 Is this a legit script? How can I parse it?
echo nscript… | bech32 -d > zap.wasm && wasm-objdump -x zap.wasm nostrscripts are sandboxed. They can’t do anything other than set boolean flags in your settings atm
Can it send an http request with my nsec to a third party?
Anyways, here is the script. I don’t know much about WebAssembly, what does the last “data” operations do?
(module
(type $t0 (func (param i32 i32 i32) (result i32)))
(type $t1 (func))
(import "nostr" "nostr_set_bool" (func $nostr.nostr_set_bool (type $t0)))
(func $f1 (type $t1)
(drop
(call $nostr.nostr_set_bool
(i32.const 1056)
(i32.shr_u
(i32.load
(i32.const 1052))
(i32.const 1))
(i32.const 0))))
(memory $memory (export "memory") 1)
(start $f1)
(data $d0 (i32.const 1036) "\1c")
(data $d1 (i32.const 1048) "\02\00\00\00\0c\00\00\00n\00o\00z\00a\00p\00s")) its not actually that long if you consider what it is. This is probably one of the smallest examples of a small, portable, sandboxed binary executable. These will be used for executing turing complete algos, so I needed the flexibility of a portable executable.