It's possible to override existing operational address when calling change_operational_address

[h33333333]

There is a check in stake that ensures that provided operational_address is not used by any other staker:

starknet-staking/workspace/apps/staking/contracts/src/staking/staking.cairo

Lines 145 to 148 in f757b87

	assert_with_err(
	self.operational_address_to_staker_address.read(operational_address).is_zero(),
	Error::OPERATIONAL_EXISTS
	);

but this check is missing in change_operational_address which can lead to operational address override if operational_address was already in use by some other staker:

starknet-staking/workspace/apps/staking/contracts/src/staking/staking.cairo

Lines 425 to 435 in f757b87

	self.general_prerequisites();
	self.roles.only_operator();
	let staker_address = get_tx_info().account_contract_address;
	let mut staker_info = self.get_staker_info(:staker_address);
	self
	.operational_address_to_staker_address
	.write(staker_info.operational_address, Zero::zero());
	let old_address = staker_info.operational_address;
	staker_info.operational_address = operational_address;
	self.staker_info.write(staker_address, Option::Some(staker_info));
	self.operational_address_to_staker_address.write(operational_address, staker_address);

[alon-f]

Thanks! Acking and updating this was fixed about a month ago.

[h33333333]

Great, thanks!
Please close this issue once you update the version.