unfortunately very easy
the issue is that the payment key can be derived without paying (as the event has all the data needed). to fix this you need a server that verifies the payment and only gives the payment key then
semisol
npub122…cgrkj
2025-06-01 11:30:09
in reply to nevent1q…c75v
Author Public Key
npub12262qa4uhw7u8gdwlgmntqtv7aye8vdcmvszkqwgs0zchel6mz7s6cgrkjPublished at
2025-06-01 11:30:09Event JSON
{
"id": "4ac39641caeb413f5c3b5fcaf5acdfb54040133d80d7e8f52fe076b919387276",
"pubkey": "52b4a076bcbbbdc3a1aefa3735816cf74993b1b8db202b01c883c58be7fad8bd",
"created_at": 1748777409,
"kind": 1,
"tags": [
[
"e",
"b16cdf542985109bb0755dd1950668a17b9c63ba8b2635105e0bfefa0b2cbb88",
"wss://relay.damus.io/",
"root"
],
[
"e",
"71bf4f3cb61de632fad621ded68bc45b996a2f3f060cd5e72530b647acd17731",
"wss://relay.noswhere.com/",
"reply",
"52b4a076bcbbbdc3a1aefa3735816cf74993b1b8db202b01c883c58be7fad8bd"
],
[
"p",
"1bc70a0148b3f316da33fe3c89f23e3e71ac4ff998027ec712b905cd24f6a411"
],
[
"p",
"52b4a076bcbbbdc3a1aefa3735816cf74993b1b8db202b01c883c58be7fad8bd",
"wss://relay.noswhere.com/"
],
[
"client",
"noStrudel",
"31990:266815e0c9210dfa324c6cba3573b14bee49da4209a9456f9484e5106cd408a5:1686066542546"
]
],
"content": "unfortunately very easy\n\nthe issue is that the payment key can be derived without paying (as the event has all the data needed). to fix this you need a server that verifies the payment and only gives the payment key then",
"sig": "3285a80282e0de084af0a7e0b9651782b6a9968e16e0d6eeee9652fd283ced82833c8717046055c316453b646df3d053a15b813d5236ac1c395446b0f3bff3c6"
}