From dff4fadc9c3e782095993b4b0f3cb2ec6c1cc0a9 Mon Sep 17 00:00:00 2001
From: Rafael Taranto <rafael.taranto@protonmail.com>
Date: Tue, 27 May 2025 13:52:29 +0100
Subject: [PATCH] chore: clarify requirements on comment

---
 packages/server/lib/cash-in/cash-in-tx.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/packages/server/lib/cash-in/cash-in-tx.js b/packages/server/lib/cash-in/cash-in-tx.js
index 1b987754..e454efa5 100644
--- a/packages/server/lib/cash-in/cash-in-tx.js
+++ b/packages/server/lib/cash-in/cash-in-tx.js
@@ -195,8 +195,11 @@ function postProcess(r, pi, isBlacklisted, addressReuse, walletScore) {
     })
 }
 
+// This feels like it can be simplified,
+// but it's the most concise query to express the requirement and its edge cases.
 // At most only one authenticated customer can use an address.
-// We count distinct customers plus the current customer if they are not anonymous
+// If the current customer is anon, we can still allow one other customer to use the address,
+// So we count distinct customers plus the current customer if they are not anonymous.
 // To prevent malicious blocking of address, we only check for txs with actual fiat
 function doesTxReuseAddress(tx) {
   const sql = `