Address is 160 bits, public key is 256 bits (Compressed public keys are 33 bytes[...]. The older uncompressed keys are 65 bytes (
Source)), correct? This means there's obvious duplication.
Now, question is:-
If someone receives money on address A, then uses keypair B to spend the money on address A, then receives some more money to address A, can keypair C (Assuming RIPEMD-160 of the public key hashed to the same thing) then spend the money on address A, even though keypair B has already been 'registered' in the blockchain? Is there any validation? Or, is it simply "looks good, let's go"?
Obviously, this isn't a threat as the chances are insanely low, but, just wondering.