laantungir/nostr-tools
1
0
Fork 0
mirror of https://github.com/nbd-wtf/nostr-tools.git synced 2025-12-09 16:48:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

fixed security issue around event verification

Browse Source 
the use of id has been removed and the hash is computed instead
This commit is contained in:
François-Xavier Thoorens
2022-12-27 17:23:36 +01:00
committed by fiatjaf
parent 50c3f24b25
commit 5db1934fa4
1 changed files with 2 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
event.ts
View File

@@ -73,10 +73,8 @@ export function validateEvent(event: Event): boolean {
return true return true
} }
export function verifySignature( export function verifySignature(event: Event & {sig: string}): boolean {
event: Event & {id: string; sig: string} return secp256k1.schnorr.verifySync(event.sig, getEventHash(event), event.pubkey)
): boolean {
return secp256k1.schnorr.verifySync(event.sig, event.id, event.pubkey)
} }
export function signEvent(event: Event, key: string): string { export function signEvent(event: Event, key: string): string {