Oddbean new post about login | logout zaps@derekross.me
Everything looks fine from the outside. Prob bug with the plugin or LNbits.
https://github.com/lnbits/lnurlp/commit/efb2eef32371a2837c0377708d13bff915958f55 it did not in-fact fix zaps.
Oof reverting to 0.4.0 crashed LNBits 😂
My man just use your Strike lightning address to receive zaps 😂
Test zap plz sir. Got 0.4.0 working.
Zap went through, but no receipt published
Rage. Thank you.
oh it looks like that commit is from a newer release. gotta figure out how to manually get this version since it's not in the lnbits extension market yet.
I’d just wait cause you probably need this too https://github.com/lnbits/lnurlp/pull/67
i hope this is pushed to prod soon so i can install this version via linbits. this is going to annoy me something fierce until it's fixed 😟
Your going to be more than annoyed if you get rugged because of the security vulns that @semisol talked about 😂
I wish he'd provide a writeup on that or link the existing note because its very possible it was fixed awhile ago
it’s more their track record; I have only explored a certain portion of their code only like 2 years ago, I had to annoy them for months before an SQL injection bug got fixed (it was simple also, they were passing field names from request body directly to the DB) they also took a month of pestering to fix a bug that allowed draining Eclair nodes… with a hodl invoice (yes, you just wait 30 seconds) their satsdice plugin had improper access control, meaning invoice keys meant to be receive only could drain wallets
maybe this PR will fix the problem https://github.com/lnbits/lnurlp/pull/67
https://youtu.be/Pi0Yi_mNZXk?si=Mljx4OO6UkUESFYX
🤖 Tracking strings detected and removed! 🔗 Clean URL(s): https://youtu.be/Pi0Yi_mNZXk ❌ Removed parts: ?si=Mljx4OO6UkUESFYX