 You're going to be more than annoyed if you get rugged because of the security vulns that @semisol talked about 😂 
 I wish he'd provide a writeup on that or link the existing note because it's very possible it was fixed a while ago 
 it’s more their track record; I have only explored a certain portion of their code 

like 2 years ago, I had to annoy them for months before an SQL injection bug got fixed (it was simple also, they were passing field names from request body directly to the DB)

they also took a month of pestering to fix a bug that allowed draining Eclair nodes… with a hodl invoice (yes, you just wait 30 seconds)

their satsdice plugin had improper access control, meaning invoice keys meant to be receive-only could drain wallets 
 semi
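
The field-name SQL injection described in the post above, shown beside an allowlist fix. This is an added example, not part of the thread and not the project's code; the `wallets` table, its columns, the function names and the request body are all constructed for illustration.

```python
import sqlite3

# Assumed schema: only these columns may be edited by a client.
EDITABLE_COLUMNS = {"name", "currency"}

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wallets (id TEXT PRIMARY KEY, name TEXT, "
                 "currency TEXT, balance INTEGER)")
    conn.execute("INSERT INTO wallets VALUES ('w1', 'main', 'sat', 100)")
    return conn

def update_wallet_unsafe(conn, wallet_id, body):
    # Vulnerable pattern: keys of the request body become SQL text.
    # Binding the values does not help, because the keys are not bound.
    assignments = ", ".join(f"{field} = ?" for field in body)
    conn.execute(f"UPDATE wallets SET {assignments} WHERE id = ?",
                 [*body.values(), wallet_id])

def update_wallet_safe(conn, wallet_id, body):
    # Hardened: field names must come from a fixed allowlist.
    unknown = set(body) - EDITABLE_COLUMNS
    if unknown:
        raise ValueError(f"unsupported fields: {sorted(unknown)}")
    if not body:
        return
    assignments = ", ".join(f"{field} = ?" for field in body)
    conn.execute(f"UPDATE wallets SET {assignments} WHERE id = ?",
                 [*body.values(), wallet_id])

def balance(conn, wallet_id):
    row = conn.execute("SELECT balance FROM wallets WHERE id = ?", (wallet_id,))
    return row.fetchone()[0]

# Constructed request body: the key carries SQL, the value looks harmless.
CRAFTED_BODY = {"name = 'x', balance": 999}

def demo():
    conn = make_db()
    update_wallet_unsafe(conn, "w1", CRAFTED_BODY)
    after_unsafe = balance(conn, "w1")      # balance column was overwritten
    conn = make_db()
    try:
        update_wallet_safe(conn, "w1", CRAFTED_BODY)
        rejected = False
    except ValueError:
        rejected = True
    return after_unsafe, rejected, balance(conn, "w1")

if __name__ == "__main__":
    print(demo())
```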