pull down to refresh
20 sats \ 2 replies \ @jeffgoldblum 13 May 2022 freebie \ on: 🎥 Pay using an NFC card (offline) - LightningNFC ⚡ | @thedavidcoen bitcoin
This is a really cool idea and an awesome new project to try out.
The BIG downside I see with this is that whoever can read the contents of the NFC chip, has access to the LNURL-withdraw link and can thus drain the entire node's funds.
Am I seeing this correctly or am I missing something?
There's a maxWithdrawable value, so I'm guessing the card can be configured to be used X times and up to N sats per transaction.
I think. I pretty much only know LN in general, and am not very familiar with LNURL specifically,
Maybe someone else seeing this and knows the answer can pipe in.
reply
If so, this means that still anyone could pull X*N sats in total. Like this the implementation doesn't seem to be usable in the real world yet. There would have to be some security mechanism in place to make a payment link non-reusable.
Even entering some sort of PIN doesn't seem to be a fitting solution as this PIN — once entered into a POS terminal — could then be used with the respective LNURL-withdraw link to pull funds as one pleases.
If someone more knowledgeable could clear up any mistakes I made in my reasoning, I'd really appreciate it.
Any ideas yet on how to overcome these issues?
reply