From 5db1934fa4b0efeedd30ff46d145e0343e12c9d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois-Xavier=20Thoorens?= <fx.thoorens@gmail.com>
Date: Tue, 27 Dec 2022 17:23:36 +0100
Subject: [PATCH] fixed security issue around event verification

the use of id has been removed and the hash is computed instead
---
 event.ts | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/event.ts b/event.ts
index 0cc4250..737ff7b 100644
--- a/event.ts
+++ b/event.ts
@@ -73,10 +73,8 @@ export function validateEvent(event: Event): boolean {
   return true
 }
 
-export function verifySignature(
-  event: Event & {id: string; sig: string}
-): boolean {
-  return secp256k1.schnorr.verifySync(event.sig, event.id, event.pubkey)
+export function verifySignature(event: Event & {sig: string}): boolean {
+  return secp256k1.schnorr.verifySync(event.sig, getEventHash(event), event.pubkey)
 }
 
 export function signEvent(event: Event, key: string): string {