pull down to refresh
8 sats \ 2 replies \ @cryptocoin 19 May 2022 \ on: How to use those awesome new Bolt Cards without a CoinCorner account bitcoin
I don't know enough about LNURL to understand how this is secure.
- Are there limits as to how much is paid, and if so is that configurable? e.g., can I set a limit of N sats per tap, and N taps per hour?
- Another scenario: The terminal shows 5,000 sats. I tap. Later, I find 100,000 sats deducted. The merchant was dishonest. My "tap" authorized it though.
- There is protection against a replay attack (single use token), but not against someone stealing my card (or finding it after I dropped it) and draining funds either at other merchants, or the thief manually sucking everything out.
I read a bit more about LNURL-Widthraw and it is indeed possible to configure it to have limits.
With LNURL withdraw, you have the ability to give someone the right to spend a range, once or multiple times
In the case of dishonest merchants, you'll have to trust them, because by tapping with the card you can't see how much you're approving(they could create an app with a fake amount displayed while sending a larger invoice). That's basically the same as tapping with a credit card though(you could have a chargeback eventually though).
And yes, card stealing will mean you lost your money. Also similar to having a fiat card stolen and having the person tap away your money.
reply
You have full control of it really because you can make it connect to your own node.
Most probably there's going to be a few issues, so I wouldn't put too many sats in that node, but this is just the first iteration of the technology. I'm sure it will get only better over time. Here are the lightning specifications that this is built upon: https://github.com/fiatjaf/lnurl-rfc
Under services you can see that ln.cash for example uses LUD-01: Base LNURL encoding and decoding and LUD-03: withdrawRequest base spec. You can read those to see how the transaction is actually performed under the hood.
Under self hosted there's some projects that use the same LUDs, like these ones for example:
reply