A miner can change its commitment after a user reserves but before the user confirms.
Problem:
The confirm handler trusts live commitment data instead of a reservation snapshot.
Impact:
A user can reserve using address A, send funds to A, then fail confirmation because the miner rotated to address B; the contract never initiates, but the miner has already received the user’s funds off-chain.
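The rotation scenario above, replayed against a live-lookup confirm and a snapshot-based confirm. This is an added example, not the project's code; `SwapBook`, `Reservation`, the method names and the addresses are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Reservation:
    user: str
    miner: str
    deposit_address: str  # miner's commitment, pinned at reserve time


class SwapBook:
    """Constructed model of the reserve/confirm flow; all names are hypothetical."""

    def __init__(self):
        self.commitments = {}   # miner -> live deposit address
        self.reservations = {}  # user -> Reservation

    def commit(self, miner, address):
        # The miner may call this at any time, including mid-reservation.
        self.commitments[miner] = address

    def reserve(self, user, miner):
        res = Reservation(user, miner, self.commitments[miner])
        self.reservations[user] = res
        return res

    def confirm_live(self, user, paid_to):
        # Flawed: re-reads the live commitment, so a rotation after reserve
        # makes an honest payment to the reserved address fail.
        res = self.reservations[user]
        return paid_to == self.commitments[res.miner]

    def confirm_snapshot(self, user, paid_to):
        # Hardened: validates against the address recorded in the reservation.
        res = self.reservations[user]
        return paid_to == res.deposit_address


def replay_rotation():
    """Reserve on addr_A, pay addr_A, rotate to addr_B, then confirm both ways."""
    book = SwapBook()
    book.commit("miner1", "addr_A")
    res = book.reserve("user1", "miner1")
    paid_to = res.deposit_address      # user pays the address they reserved
    book.commit("miner1", "addr_B")    # commitment changes before confirm
    return (book.confirm_live("user1", paid_to),
            book.confirm_snapshot("user1", paid_to))
```

`replay_rotation()` returns `(False, True)`: the live lookup rejects the honest payment, while the snapshot check accepts it.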