damus

nostr ios client
git clone git://jb55.com/damus

commit 13f98659a4fda5d11d15a58b436c58f25b893f6f
parent f5ba90978412619fcf7525f7cdd390339525dd1c
Author: William Casarin <jb55@jb55.com>
Date:   Sat,  8 Jul 2023 21:52:20 -0700

Prevent forged profile zap attacks

The fake note zap attack made me realize that there is a way to do fake
profile zaps using a similar technique. Since damus only checks the
first ptag if it is a profile zap, this means you could include multiple
ptags, the first one being the fake profile with the fake zapper, and
the second p tag as the real target.

This would allow a fake zapper to create a fake zap, while the zap
notification would still appear for the second ptag because damus
listens for zap events via #p, and that would match the second ptag.

To fix this, ensure that zaps only have at most 1 ptag and 0 or 1 etag.
My CLN zapper checks this, but if we don't check this here as well then
we run into fake zap issues.

Changelog-Fixed: Fix potential fake profile zap attacks
Cc: Tony Giorgio <tonygiorgio@protonmail.com>
Cc: benthecarman <benthecarman@live.com>
Cc: Vitor Pamplona <vitor@vitorpamplona.com>

Diffstat:
M damus/Models/HomeModel.swift | 10 ++++++++++
1 file changed, 10 insertions(+), 0 deletions(-)

diff --git a/damus/Models/HomeModel.swift b/damus/Models/HomeModel.swift @@ -1242,10 +1242,20 @@ func get_zap_target_pubkey(ev: NostrEvent, events: EventCache) -> String? { let etags = ev.referenced_ids if let etag = etags.first { + // ensure that there is only 1 etag to stop fake note zap attacks + guard etags.count == 1 else { + return nil + } // we can't trust the p tag on note zaps because they can be faked return events.lookup(etag.id)?.pubkey } else { let ptags = ev.referenced_pubkeys + + // ensure that there is only 1 ptag to stop fake profile zap attacks + guard ptags.count == 1 else { + return nil + } + return ptags.first?.id } }
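Review bot: the "at most 1 ptag" rule from the commit message is only enforced in the `else` (profile zap) branch; the `if let etag = etags.first` branch checks `etags.count == 1` and then returns `events.lookup(etag.id)?.pubkey` without ever looking at `ev.referenced_pubkeys`, so a note zap carrying several p tags still passes this function. Since a valid zap receipt should have exactly one p tag whether or not it has an e tag, consider hoisting the p-tag check above the branch so both paths share it, e.g. `guard ev.referenced_pubkeys.count == 1 else { return nil }` as the first statement of `get_zap_target_pubkey`, and dropping the duplicate guard from the `else` branch. While touching this, it is worth stating in a doc comment on the function that a `nil` return now also means "malformed or suspicious zap, ignore it", not only "referenced note not in cache", since callers may treat those two cases differently.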