Critical-risk tools in Zbd
15 of the 36 tools in Zbd are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
revoke_vouchersDestructiveRevoke Voucher
-
create_charge_gamertagsFinancialGenerate a payment request for a ZBD User.
-
create_charge_lightning_addressFinancialGenerate a payment request for a Lightning Address.
-
create_lightning_chargesFinancialStart receiving instant Bitcoin payments through the ZBD API.
-
create_lightning_static_chargesFinancialStart accepting payments on Lightning with Static QR codes.
-
create_vouchersFinancialCreate Voucher
-
create_withdrawal_requestsFinancialStart creating Bitcoin voucher QR codes.
-
initiate_internal_transferFinancialPerforms a transfer of funds between two Projects.
-
invoke_api_endpointFinancialInvoke an endpoint in the Zbd Payments TypeScript API. Note: use the
-
redeem_vouchersFinancialRedeem Voucher
-
send_email_paymentsFinancialSend instant Bitcoin payments to any email.
-
send_keysend_paymentsFinancialStart sending Keysend payments on the Lightning Network.
-
send_lightning_paymentsFinancialStart sending instant Bitcoin payments through the ZBD API.
-
send_payment_gamertagsFinancialSend instant Bitcoin payments to ZBD Users.
-
send_payment_lightning_addressFinancialSend instant Bitcoin payments to any Lightning Address.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.