The onlyPayerOrRecipient() modifier verifies that the function where this modifier is implemented can only be called by an address which is recipient() and payer() and in case the address that calls the function is only recipient() or payer() This function will throw the error CallerNotPayerOrRecipient() since the modifier requires that these two roles be met: recipient() and payer().
Impact
In the functions where the modifier such as withdraw and cancel is implemented, in case a person only has the role of recipient() or payer() they will not be able to call any of these functions due to the restriction of the modifier that requires that they be fulfilled the two requirements of both payer() and recipient()
francoHacker
unlabeled
modifier
Summary
Vulnerability Detail
The onlyPayerOrRecipient() modifier verifies that the function where this modifier is implemented can only be called by an address which is recipient() and payer() and in case the address that calls the function is only recipient() or payer() This function will throw the error CallerNotPayerOrRecipient() since the modifier requires that these two roles be met: recipient() and payer().
Impact
In the functions where the modifier such as withdraw and cancel is implemented, in case a person only has the role of recipient() or payer() they will not be able to call any of these functions due to the restriction of the modifier that requires that they be fulfilled the two requirements of both payer() and recipient()
Code Snippet
modifier onlyPayerOrRecipient() { if (msg.sender != recipient() && msg.sender != payer()) { revert CallerNotPayerOrRecipient(); }
Tool used
Manual Review
Recommendation
change the sentences if (msg.sender != recipient() && msg.sender != payer()) to if (msg.sender != recipient() || msg.sender != payer())