From e5afa562323a50406d9c7394ea770461107b92b2 Mon Sep 17 00:00:00 2001
From: David Lutterkort <lutter@watzmann.net>
Date: Thu, 11 Jan 2024 16:25:41 -0800
Subject: [PATCH] graph: Disallow grafts within the reorg threshold

Fixes https://github.com/graphprotocol/graph-node/issues/5131
---
 graph/src/data/subgraph/mod.rs | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/graph/src/data/subgraph/mod.rs b/graph/src/data/subgraph/mod.rs
index 6d90de519a3..f6f36a8b86b 100644
--- a/graph/src/data/subgraph/mod.rs
+++ b/graph/src/data/subgraph/mod.rs
@@ -491,6 +491,19 @@ impl Graft {
                 "failed to graft onto `{}` at block {} since it has only processed block {}",
                 self.base, self.block, ptr.number
             ))),
+            // The graft point must be at least `reorg_threshold` blocks
+            // behind the subgraph head so that a reorg can not affect the
+            // data that we copy for grafting
+            //
+            // This is pretty nasty: we have tests in the subgraph runner
+            // tests that graft onto the subgraph head directly. We
+            // therefore skip this check in debug builds and only turn it on
+            // in release builds
+            #[cfg(not(debug_assertions))]
+            (Some(ptr), true) if self.block + ENV_VARS.reorg_threshold >= ptr.number => Err(GraftBaseInvalid(format!(
+                "failed to graft onto `{}` at block {} since it's only at block {} which is within the reorg threshold of {} blocks",
+                self.base, self.block, ptr.number, ENV_VARS.reorg_threshold
+            ))),
             // If the base deployment is failed *and* the `graft.block` is not
             // less than the `base.block`, the graft shouldn't be permitted.
             //