Documentation

Check for double satisfaction vulnerabilities.

For a transaction with a public key output to an address (the victim) other than the signer (the attacker),

• if you cannot redirect (the Ada from) the victim to the attacker, i.e. there is a script that care about the output to the victim,
• but it validates when you bundle the redirected transaction with a "safe script" that spends the same amount to the victim, tagging the output with a unique datum,

then we have found a double satisfaction vulnerability in the script that stopped the first modified transaction.