How tipping and marketing miniapps could be exploited by attackers for financial gain.

How tipping and marketing miniapps could be exploited by attackers for financial gain.

https://blog.vrypan.net/2025/05/28/social-attacks-with-monetary-value/

Dad, geek, conversation liquidity provider. vrypan.net (home), @l--o--l (fun). devcoin:$lemon3

The app keys attack is why I never want to add a new key from a mini app. Iirc this exact style of attack happened with tipping from an app before? Where the dev basically consumed the allowance for you via casting tips that you weren't going to use anyway or something. Maybe someone else remembers better than me

I don't think it has happened. 

I'm also concerned about signers. That's why I created fcp.

Oh, it once happened by mistake, where there was a cast sent out that did not belong to the user, or something like that.