forked from GRIN/grim
Claude 413746dde3 Build 21: harden the client — NIP-05 gate, hostname validation, avatar limits
From a security audit of our own nostr/identity code (no P0/P1 found; these
close the P2 hardening gaps):
- NIP-05: only goblin.st identities skip the "pay an unverified key?" gate.
  A third-party domain's well-known could point at any key, so those now route
  through the same confirm gate as a bare npub.
- NIP-05: validate the domain as a bare hostname before building the
  well-known URL — closes a path/host-smuggling (SSRF-over-Tor) vector.
- Avatars: decode server-fed bytes under explicit image Limits (<=1024 px,
  8 MiB) so a hostile or breached avatar host can't exhaust memory on the
  texture path.

34 lib tests green (incl. new hostname-rejection cases).
2026-06-11 22:55:09 -04:00
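The hostname validation and confirm-gate rule described in the commit message above, as an added Rust example that is not code from this repository. The function names, the error type, and the two-label, non-numeric-TLD policy are assumptions of the example; the URL shape and the local-part alphabet follow the NIP-05 specification.

```rust
// Added example, not Grim/Goblin code. Function and type names are hypothetical.
#[derive(Debug, PartialEq)]
pub enum Nip05Error { Format, LocalPart, Hostname }

/// True only for a plain DNS name: no scheme, port, path, userinfo or IP literal.
/// Assumption of this example: at least two labels and a non-numeric last label.
pub fn is_bare_hostname(host: &str) -> bool {
    let labels: Vec<&str> = host.split('.').collect();
    let last_numeric = labels.last().map_or(true, |l| l.bytes().all(|b| b.is_ascii_digit()));
    if host.len() > 253 || labels.len() < 2 || last_numeric {
        return false;
    }
    labels.iter().all(|l| {
        (1..=63).contains(&l.len())
            && !l.starts_with('-')
            && !l.ends_with('-')
            && l.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-')
    })
}

/// Builds the NIP-05 lookup URL, or refuses if either part could alter the URL.
pub fn well_known_url(identifier: &str) -> Result<String, Nip05Error> {
    let id = identifier.to_ascii_lowercase();
    let (local, domain) = id.split_once('@').ok_or(Nip05Error::Format)?;
    // NIP-05 restricts the local part to a-z0-9-_. so it needs no URL escaping.
    let local_ok = !local.is_empty()
        && local.bytes().all(|b| b.is_ascii_lowercase() || b.is_ascii_digit() || b"-_.".contains(&b));
    if !local_ok {
        return Err(Nip05Error::LocalPart);
    }
    if !is_bare_hostname(domain) {
        return Err(Nip05Error::Hostname);
    }
    Ok(format!("https://{domain}/.well-known/nostr.json?name={local}"))
}

/// Exact match only: "goblin.st.example.net" or "notgoblin.st" still get the gate.
pub fn skips_confirm_gate(domain: &str) -> bool {
    domain.eq_ignore_ascii_case("goblin.st")
}

fn main() {
    // Constructed sample identifiers.
    for id in ["alice@goblin.st", "alice@goblin.st/x", "alice@goblin.st:8080", "alice@127.0.0.1"] {
        println!("{id:<24} -> {:?}", well_known_url(id));
    }
}
```

Validating before formatting the URL means the string after `@` can only ever land in the host position, so a path, port or userinfo segment is rejected instead of being fetched.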

Grim

Cross-platform GUI for GRiN ツ in Rust, for maximum compatibility with the original Mimblewimble implementation. Initially supported platforms are Linux, Mac and Windows, with limited Android support and possible web support with the help of egui, an immediate mode GUI library in pure Rust.

Named after the character Grim: the shape of a large, black, menacing, spectral giant dog.


Build instructions

Install Rust

On Windows, follow the installation instructions. On Linux and macOS, run:

curl https://sh.rustup.rs -sSf | sh

Desktop

To build and run the application, go to the project directory and run:

git submodule update --init --recursive
cargo build --release
./target/release/grim

Android

Set up the environment

Install Android SDK / NDK / Platform Tools for your OS according to this FAQ.

Build the project

Run an Android emulator or connect a real device. The command adb devices should show at least one device. In the root of the repo, run ./scripts/android.sh build|release v7|v8|x86, where v7, v8 and x86 are the device CPU architecture for the build type; for release, specify the version number in the format major.minor.patch.

License

Apache License v2.0.

Credits

Goblin — the Cash App-style, Nostr-native payments experience layered on top of this wallet (end-to-end encrypted NIP-17 payments over Tor, in-app identity, and the goblin.st identity service) — was designed and built with development assistance from Claude (Anthropic).

The underlying cross-platform grin wallet is the upstream Grim project.

Readme Apache-2.0 26 MiB
Languages
Rust 95.9%
Java 2.7%
Shell 1.3%
Python 0.1%