Skip to content

fix(SortitionModule): fix staking logic and remove instant staking #2004

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 4 commits into
base: dev
Choose a base branch
from

Conversation

unknownunknown1
Copy link
Contributor

@unknownunknown1 unknownunknown1 commented May 20, 2025

PR-Codex overview

This PR focuses on refactoring the staking mechanism in the Kleros arbitration system, introducing a new Delayed staking result, and streamlining the handling of stakes without transferring tokens prematurely.

Detailed summary

  • Added Delayed to StakingResult enum.
  • Renamed setStake to validateStake in ISortitionModule.
  • Updated setStake methods to remove _alreadyTransferred parameter.
  • Introduced withdrawLeftoverPNK function.
  • Updated event emissions for delayed stakes.
  • Removed deprecated events and parameters.
  • Adjusted logic to ensure locked tokens remain during staking operations.
  • Improved handling of juror balances and stakes across contracts.

The following files were skipped due to too many changes: contracts/test/foundry/KlerosCore.t.sol

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

Summary by CodeRabbit

  • New Features

    • Added per-court context to stake locking, unlocking, penalization, and validation processes.
    • Introduced a new delayed staking status to better handle stake changes during non-staking phases.
    • Enabled jurors to withdraw leftover tokens if no coherent jurors remain after penalties.
    • Consolidated multiple delayed stake events into a single unified event for clearer tracking.
  • Improvements

    • Simplified delayed stake handling by removing deprecated parameters and conditional logic.
    • Enhanced penalty accounting to use actual penalties applied and improved juror inactivity handling.
    • Streamlined stake validation by separating validation from actual stake setting.
    • Removed redundant token transfers when jurors fully unstake.
    • Updated juror eligibility checks to rely solely on single-draw restrictions, removing stake sufficiency conditions.
  • Bug Fixes

    • Corrected token balance and staking state updates during delayed staking, drawing, and execution phases.
    • Fixed juror draw eligibility to prevent erroneous stake-based restrictions.
  • Tests

    • Expanded and refined test coverage for delayed staking, penalties, rewards, juror draw eligibility, and leftover token withdrawals.

Copy link
Contributor

coderabbitai bot commented May 20, 2025

Walkthrough

This update refactors staking and penalty logic across arbitration contracts by removing the deprecated _alreadyTransferred parameter, introducing a stake validation step before setting stakes, adding court-specific parameters to stake locking, unlocking, and penalization functions, simplifying delayed stake management, and adjusting penalty and reward execution. Interfaces, ABIs, subgraphs, and tests are updated accordingly.

Changes

File(s) Change Summary
contracts/src/arbitration/KlerosCoreBase.sol, KlerosCoreNeo.sol, KlerosCoreUniversity.sol Removed _alreadyTransferred parameter from setStake functions, added stake validation step, added courtID to stake lock/unlock/penalize calls, updated penalty and reward logic.
contracts/src/arbitration/SortitionModuleBase.sol, SortitionModuleNeo.sol, SortitionModuleUniversity.sol Removed deprecated delayed stake logic and fields, renamed setStake to validateStake with extended return values, added new setStake function, added courtID parameters to locking/unlocking/penalizing functions, simplified delayed stake handling, added new events and modifiers.
contracts/src/arbitration/dispute-kits/DisputeKitClassicBase.sol Simplified _postDrawCheck by removing stake sufficiency checks, relying only on single-draw-per-juror restriction.
contracts/src/arbitration/interfaces/ISortitionModule.sol Updated setStake to validateStake with new return values, added new setStake function, added courtID parameters to lockStake, unlockStake, and penalizeStake with updated return values.
contracts/src/libraries/Constants.sol Added new Delayed variant to StakingResult enum.
contracts/test/foundry/KlerosCore.t.sol Updated tests to reflect unified delayed stake event, new penalty and reward logic, removed deprecated tests, added new tests for unstaking and leftover PNK withdrawal.
subgraph/core-neo/abi-migrations/SortitionModuleNeo.json Removed deprecated events and fields, simplified event signatures, added new function outputs, added withdrawLeftoverPNK function.
subgraph/core-neo/subgraph.yaml Consolidated multiple delayed stake event handlers into a single handler for unified StakeDelayed event.
subgraph/core/abi-migrations/SortitionModule.json Cleaned ABI by removing deprecated events and functions, updated event signatures and function outputs, added constructor.
subgraph/core/src/SortitionModule.ts Removed multiple delayed stake event handlers, added single unified handler for StakeDelayed event.
subgraph/core/subgraph.yaml Consolidated delayed stake event handlers into one unified handler.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant KlerosCore
    participant SortitionModule

    User->>KlerosCore: setStakeBySortitionModule(account, courtID, newStake)
    KlerosCore->>SortitionModule: validateStake(account, courtID, newStake)
    SortitionModule-->>KlerosCore: (pnkDeposit, pnkWithdrawal, actualNewStake, StakingResult)
    alt StakingResult == Delayed
        KlerosCore-->>User: return early (true)
    else
        KlerosCore->>SortitionModule: setStake(account, courtID, actualNewStake)
    end
Loading
sequenceDiagram
    participant KlerosCore
    participant SortitionModule

    KlerosCore->>SortitionModule: penalizeStake(account, courtID, relativeAmount)
    SortitionModule-->>KlerosCore: (pnkBalance, availablePenalty)
    KlerosCore->>KlerosCore: update penalty accounting, set juror inactive if needed
Loading
sequenceDiagram
    participant User
    participant SortitionModule

    User->>SortitionModule: withdrawLeftoverPNK(account)
    SortitionModule-->>User: Transfer leftover PNK, emit event
Loading

Possibly related PRs

Suggested labels

Type: Enhancement :sparkles:, Package: Subgraph

Suggested reviewers

  • unknownunknown1

Poem

🐇 Hop, hop, hooray! The stakes are new,
No flags to drag, no old to-do.
Delayed no more, the tokens wait,
Jurors locked in courtly state.
Penalties counted, rewards in sight,
Justice hops on, swift and bright!
🌿✨🐰


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai or @coderabbitai title anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🔭 Outside diff range comments (1)
contracts/src/arbitration/university/SortitionModuleUniversity.sol (1)

238-248: ⚠️ Potential issue

Function signature updated but missing return values

While the function signature has been updated to match the interface, the function doesn't actually set or return the declared values pnkBalance and availablePenalty. This needs to be fixed to properly implement the interface.

Update the function to return the required values:

function penalizeStake(
    address _account,
    uint256 _relativeAmount
) external override onlyByCore returns (uint256 pnkBalance, uint256 availablePenalty) {
    Juror storage juror = jurors[_account];
    if (juror.stakedPnk >= _relativeAmount) {
        juror.stakedPnk -= _relativeAmount;
+       availablePenalty = _relativeAmount;
    } else {
+       availablePenalty = juror.stakedPnk;
        juror.stakedPnk = 0; // stakedPnk might become lower after manual unstaking, but lockedPnk will always cover the difference.
    }
+   pnkBalance = juror.stakedPnk;
+   return (pnkBalance, availablePenalty);
}
🧹 Nitpick comments (12)
contracts/src/arbitration/university/SortitionModuleUniversity.sol (1)

264-265: Empty implementation of withdrawLeftoverPNK

This is an empty implementation of the required interface function. While technically compliant with the interface, this implementation doesn't actually withdraw any leftover PNK. If this is intentional for the University module, consider adding a comment explaining why.

Consider adding a clarifying comment:

-function withdrawLeftoverPNK(address _account) external override {}
+function withdrawLeftoverPNK(address _account) external override {
+    // No implementation needed for University module as it doesn't track leftover PNK
+}
contracts/src/arbitration/KlerosCoreBase.sol (2)

474-482: Deprecate the unused _alreadyTransferred parameter to save deployment & call gas

setStakeBySortitionModule keeps the parameter in the ABI but never uses it (/* _alreadyTransferred */).
If no externally-deployed SortitionModule still relies on the 4-argument signature, consider removing the parameter entirely (and adjusting the interface) or adding a dedicated deprecated overload to keep backwards compatibility. Eliminating the dead parameter shaves 3-5 gas per call and simplifies the API.


1083-1099: Follow-up: remove deprecated boolean in call to setStake

sortitionModule.setStake(..., false) passes a hard-coded value that is now unused.
After cleaning up the interface (see comment above), this fourth argument and the trailing comment can be dropped to avoid confusion:

-        (uint256 pnkDeposit, uint256 pnkWithdrawal, StakingResult stakingResult) = sortitionModule.setStake(
-            _account,
-            _courtID,
-            _newStake,
-            false // Unused parameter.
-        );
+        (uint256 pnkDeposit, uint256 pnkWithdrawal, StakingResult stakingResult) =
+            sortitionModule.setStake(_account, _courtID, _newStake);
contracts/test/foundry/KlerosCore.t.sol (5)

1019-1026: Clarify assertion description to match the expected flag value

alreadyTransferred is asserted to be false, yet the accompanying message says “Should be flagged as transferred”.
This wording is confusing because a value of false actually means “not transferred”. Renaming the
message to something like “Should be not flagged as transferred” (or the opposite, depending on the intended
semantics) will prevent mis-interpretation when the test fails.


1094-1119: Replace magic numbers with expressions for better readability & resilience

The balance assertions use large hard-coded literals such as
999999999999998200.
Although they are numerically correct (1 ether - 1800), the intent is obscured and any future change
to the staked amount will require hunting down and editing multiple constants.

Consider computing the expected value on-the-fly, e.g.

uint256 expected = 1 ether - 1_800;
assertEq(pinakion.balanceOf(staker1), expected, "Wrong token balance of staker1");

or even

assertEq(
    pinakion.balanceOf(staker1),
    1 ether - (1500 /* first stake */ + 300 /* diff */),
    "Wrong token balance of staker1"
);

This keeps the arithmetic obvious, avoids copy-paste mistakes, and makes the test less brittle.


1203-1210: Impersonating the Core to self-transfer can hide real-world constraints

vm.prank(address(core)); pinakion.transfer(governor, 10000); works in the
unit test, but in production KlerosCore has no such method and cannot trigger ERC-20 transfer
directly. If the goal is only to zero the Core’s balance, consider minting a fresh token or using
deal(address(pinakion), address(core), 0) (forge cheat-code) instead.

This keeps the test closer to real behaviour and avoids accidentally relying on “the contract calls
transfer on itself”
paths that will never exist on-chain.


2454-2510: Hard-coded iteration counts & stake figures make new tests brittle

core.execute(disputeID, 0, 6) assumes that exactly six repartition iterations are always required.
The actual number depends on internal constants such as DEFAULT_NB_OF_JURORS, future changes to
penalty logic, or even gas-cap tweaks. The same applies to the literal 3000 penalty math and the
final balance check for a full 1 ether.

Suggestion:

uint256 iterations = DEFAULT_NB_OF_JURORS * 2; // worst-case upper bound
core.execute(disputeID, 0, iterations);

and compute expected balances from recorded pre-/post-state instead of fixed literals.
Doing so will prevent spurious failures when business rules evolve while preserving
the intent of proving “juror becomes insolvent and is automatically unstaked”.


2532-2574: Leverage helper functions to minimise duplicated balance assertions

withdrawLeftoverPNK is tested with a long sequence of assertEq calls that
repeat the “balance before / after” pattern already present in several other stake-related tests.
Extracting a small internal helper:

function _assertPnkBalances(
    uint256 coreBal,
    uint256 jurorBal,
    string memory msgSuffix
) internal {
    assertEq(pinakion.balanceOf(address(core)), coreBal, string.concat("Core ", msgSuffix));
    assertEq(pinakion.balanceOf(staker1), jurorBal, string.concat("Juror ", msgSuffix));
}

and re-using it across the suite will reduce noise, ease future refactors, and make the intent of
each check clearer.

contracts/src/arbitration/SortitionModuleBase.sol (4)

69-72: Consider explicitly annotating deprecated storage to reduce cognitive overhead

latestDelayedStakeIndex is kept for storage-layout compatibility, but it now serves no functional purpose.
Adding an /// @deprecated NatSpec tag (or // DEPRECATED: kept for storage-layout) immediately above the declaration would make the intent clearer to future maintainers and external auditors.


84-100: Mark legacy events with @deprecated to avoid accidental reuse

The three StakeDelayed* events are retained but unused. Emitting them elsewhere by mistake would silently revive dead semantics.
Consider:

-/// @notice DEPRECATED Emitted when a juror's stake is delayed and tokens are not transferred yet.
+/// @deprecated Replaced by `StakeDelayed`. Kept for ABI compatibility with historic logs.

Doing so on all three legacy events keeps the ABI unchanged while signalling that integrators should subscribe only to StakeDelayed.


242-253: Guard against zero-iteration calls in executeDelayedStakes

Passing _iterations == 0 wastes gas and returns silently. A tiny require improves UX and prevents accidental no-op transactions:

 function executeDelayedStakes(uint256 _iterations) external {
     require(phase == Phase.staking, "Should be in Staking phase.");
     require(delayedStakeWriteIndex >= delayedStakeReadIndex, "No delayed stake to execute.");
+    require(_iterations > 0, "Iterations must be > 0");

411-423: Minor polish for withdrawLeftoverPNK

  1. The function is callable by anyone for any _account, which is harmless but unusual.
    If the goal is to let third parties “dust-sweep” for jurors, document this explicitly; otherwise consider require(msg.sender == _account, "Only juror");.

  2. Replace the if / else { revert(...) } pattern with a single require to save gas and keep style consistent:

-function withdrawLeftoverPNK(address _account) external override {
+function withdrawLeftoverPNK(address _account) external override {
     Juror storage juror = jurors[_account];
-    if (juror.stakedPnk > 0 && juror.courtIDs.length == 0 && juror.lockedPnk == 0) {
-        ...
-    } else {
-        revert("Not eligible for withdrawal.");
-    }
+    require(
+        juror.stakedPnk > 0 && juror.courtIDs.length == 0 && juror.lockedPnk == 0,
+        "Not eligible for withdrawal"
+    );
+    ...
 }
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1ca9066 and d876e24.

📒 Files selected for processing (7)
  • contracts/src/arbitration/KlerosCoreBase.sol (4 hunks)
  • contracts/src/arbitration/SortitionModuleBase.sol (8 hunks)
  • contracts/src/arbitration/SortitionModuleNeo.sol (2 hunks)
  • contracts/src/arbitration/dispute-kits/DisputeKitClassicBase.sol (2 hunks)
  • contracts/src/arbitration/interfaces/ISortitionModule.sol (2 hunks)
  • contracts/src/arbitration/university/SortitionModuleUniversity.sol (2 hunks)
  • contracts/test/foundry/KlerosCore.t.sol (10 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (3)
  • GitHub Check: Analyze (javascript)
  • GitHub Check: SonarCloud
  • GitHub Check: contracts-testing
🔇 Additional comments (9)
contracts/src/arbitration/dispute-kits/DisputeKitClassicBase.sol (1)

609-630: Simplified juror eligibility check improves code clarity

The _postDrawCheck function has been simplified to only check if the juror has already been drawn when singleDrawPerJuror is enabled, removing previous stake sufficiency checks. This aligns with the broader refactoring to simplify staking logic across the arbitration system.

contracts/src/arbitration/interfaces/ISortitionModule.sol (2)

30-34: Enhanced penalty accounting with detailed return values

The updated return signature for penalizeStake now provides more detailed information by returning both the juror's updated PNK balance and the actual penalty applied. This change enables more precise accounting of penalties in the core arbitration contract.


52-53: New function for withdrawing leftover PNK tokens

This new function enables jurors to withdraw any remaining PNK tokens after fully unstaking and clearing their locked tokens, improving the user experience by ensuring no funds are trapped in the contract.

contracts/src/arbitration/SortitionModuleNeo.sol (3)

87-92: Properly marking deprecated parameter

The _alreadyTransferred parameter has been marked as unused with a comment, clearly indicating its deprecation as part of removing instant staking functionality.


97-104: Simplified conditional logic for stake increases

The conditional logic has been streamlined to only check maximum stake limits when the stake is being increased, making the code more focused and easier to understand.


112-117: Explicit handling of deprecated parameter

The code now explicitly passes false for the deprecated _alreadyTransferred parameter with a clarifying comment, ensuring proper handling while maintaining compatibility with the base contract.

contracts/src/arbitration/KlerosCoreBase.sol (1)

789-803: Double-unlock edge case: verify that unlocked but un-penalised PNK cannot be withdrawn

The flow is:

  1. unlockStake(account, penalty);
  2. penalizeStake(account, penalty) → returns availablePenalty (may be < penalty).

If the juror’s locked stake is smaller than penalty, the surplus tokens get unlocked in step 1 but are not slashed in step 2, letting the juror immediately withdraw them-–potentially rewarding under-collateralised behaviour.

Please confirm that sortitionModule.unlockStake prevents unlocking more than currently locked or that penalizeStake internally adjusts the unlocked amount. If not, swap the order (penalise first, then unlock the actual availablePenalty) or unlock only availablePenalty.

contracts/src/arbitration/SortitionModuleBase.sol (2)

327-334: Double-check tree consistency when withdrawals are limited by locked PNK

If lockedPnk prevents a full withdrawal, pnkWithdrawal is trimmed but _newStake remains unchanged.
This deliberately produces “left-over” PNK that can later be withdrawn via withdrawLeftoverPNK, so it may be correct by design.
However, it temporarily breaks the invariant juror.stakedPnk == Σ(tree stakes) until the leftover is withdrawn.

Please verify that all downstream logic (drawing, penalties, etc.) tolerates this mismatch; otherwise consider updating _newStake after trimming:

-    // _newStake is still the user-requested target (might be < effective stake)
+    // Align stake recorded in the tree with the actual post-withdrawal amount.
+    _newStake = currentStake - pnkWithdrawal;

372-389: Potential invariant break: lockedPnk can exceed stakedPnk after penalties

penalizeStake reduces stakedPnk but never touches lockedPnk.
If lockedPnk > stakedPnk afterwards, subsequent calls to unlockStake could underflow or leave stakedPnk negative in intent (though uint256 prevents it).

Please confirm that lockedPnk ≤ stakedPnk is not relied upon elsewhere (e.g., when drawing, displaying balances, or executing further penalties).
An inexpensive safeguard could be:

assert(juror.stakedPnk >= juror.lockedPnk);

or clamping the penalty to stakedPnk - lockedPnk.

Comment on lines 483 to 490
/// @dev Transfers PNK to the juror by SortitionModule.
/// @param _account The account of the juror whose PNK to transfer.
/// @param _amount The amount to transfer.
function transferBySortitionModule(address _account, uint256 _amount) external {
if (msg.sender != address(sortitionModule)) revert SortitionModuleOnly();
// Note eligibility is checked in SortitionModule.
pinakion.safeTransfer(_account, _amount);
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Emit an event for PNK moved via transferBySortitionModule

transferBySortitionModule performs an external token transfer but leaves no on-chain trace inside Core.
For transparency, accounting and easier off-chain indexing, emit a lightweight event such as:

+ event SortitionPNKTransfer(address indexed account, uint256 amount);
...
 function transferBySortitionModule(address _account, uint256 _amount) external {
     if (msg.sender != address(sortitionModule)) revert SortitionModuleOnly();
     pinakion.safeTransfer(_account, _amount);
+    emit SortitionPNKTransfer(_account, _amount);
 }

This incurs negligible gas yet gives jurors and auditors full visibility.

🤖 Prompt for AI Agents
In contracts/src/arbitration/KlerosCoreBase.sol around lines 483 to 490, the
function transferBySortitionModule transfers PNK tokens without emitting any
event, which reduces transparency and traceability. Add an event declaration for
PNK transfers by the SortitionModule and emit this event inside the function
after the safeTransfer call, including the recipient address and the amount
transferred to provide on-chain visibility and facilitate off-chain indexing.

Copy link

netlify bot commented May 20, 2025

Deploy Preview for kleros-v2-testnet ready!

Name Link
🔨 Latest commit 3faccb6
🔍 Latest deploy log https://app.netlify.com/projects/kleros-v2-testnet/deploys/684a528e6909be000810786e
😎 Deploy Preview https://deploy-preview-2004--kleros-v2-testnet.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

Copy link

netlify bot commented May 20, 2025

Deploy Preview for kleros-v2-university failed. Why did it fail? →

Name Link
🔨 Latest commit 3faccb6
🔍 Latest deploy log https://app.netlify.com/projects/kleros-v2-university/deploys/684a528e67d8550008d0102f

Copy link

netlify bot commented May 20, 2025

Deploy Preview for kleros-v2-testnet-devtools ready!

Name Link
🔨 Latest commit 3faccb6
🔍 Latest deploy log https://app.netlify.com/projects/kleros-v2-testnet-devtools/deploys/684a528e0b14e5000820d6ce
😎 Deploy Preview https://deploy-preview-2004--kleros-v2-testnet-devtools.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

Copy link

netlify bot commented May 20, 2025

Deploy Preview for kleros-v2-neo ready!

Name Link
🔨 Latest commit 3faccb6
🔍 Latest deploy log https://app.netlify.com/projects/kleros-v2-neo/deploys/684a528ec2678c0008d6981d
😎 Deploy Preview https://deploy-preview-2004--kleros-v2-neo.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🔭 Outside diff range comments (1)
subgraph/core/abi-migrations/SortitionModule.json (1)

823-843: 💡 Verification agent

🧩 Analysis chain

Invalid unnamed boolean input in setStake
The input list for setStake still contains an unnamed bool parameter (formerly _alreadyTransferred), which is invalid in the ABI and will break code generation. You should either remove this entry entirely or assign it a proper name to match the contract signature.

Apply this diff to remove it:

--- before
         {
           "internalType": "bool",
-          "name": "",
+          "name": "",         // <–– remove this block if the parameter is deprecated
           "type": "bool"
         }
--- after
 // block removed

🏁 Script executed:

#!/usr/bin/env bash
# Extract the full ABI entry for the `setStake` function to verify its inputs
jq '.[] | select(.name == "setStake")' subgraph/core/abi-migrations/SortitionModule.json

Length of output: 198


🏁 Script executed:

#!/usr/bin/env bash
# Attempt to extract the `setStake` entry from the ABI
jq '.abi[] | select(.name=="setStake")' subgraph/core/abi-migrations/SortitionModule.json \
  || rg -n '"name": "setStake"' -A 10 -B 10 subgraph/core/abi-migrations/SortitionModule.json

Length of output: 984


🏁 Script executed:

#!/usr/bin/env bash
# Locate the Solidity definition of setStake to confirm the parameter name
rg -n "function setStake" -g "*.sol" -C 3

Length of output: 6473


Remove Invalid Unnamed Boolean from setStake ABI
The ABI for setStake currently includes a fourth, unnamed bool parameter that isn’t part of the contract’s external signature (address, uint96, uint256 only). This extra input breaks codegen and must be removed.

• File: subgraph/core/abi-migrations/SortitionModule.json (inputs around lines 823–843)
• Function: setStake(address _account, uint96 _courtID, uint256 _newStake)

Apply this diff to drop the stray boolean block:

--- a/subgraph/core/abi-migrations/SortitionModule.json
+++ b/subgraph/core/abi-migrations/SortitionModule.json
@@ -823,10 +823,6 @@
         {
           "internalType": "uint256",
           "name": "_newStake",
           "type": "uint256"
         },
-        {
-          "internalType": "bool",
-          "name": "",
-          "type": "bool"
-        },
         {
           "internalType": "uint256",
           "name": "pnkDeposit",
           "type": "uint256"
         },
🧹 Nitpick comments (2)
subgraph/core/abi-migrations/SortitionModule.json (2)

67-81: Added LeftoverPNKWithdrawn event
Introduces the LeftoverPNKWithdrawn(address _account, uint256 _amount) event for leftover PNK withdrawals. Make sure your subgraph’s GraphQL schema and mapping handlers are updated to index this new event.


954-961: New withdrawLeftoverPNK function
Adds withdrawLeftoverPNK(address _account) for direct PNK withdrawals. Update any subgraph custom handlers or scripts that invoke this function if you intend to index these calls.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d876e24 and d128f10.

📒 Files selected for processing (6)
  • subgraph/core-neo/abi-migrations/SortitionModuleNeo.json (6 hunks)
  • subgraph/core-neo/subgraph.yaml (1 hunks)
  • subgraph/core/abi-migrations/SortitionModule.json (7 hunks)
  • subgraph/core/src/SortitionModule.ts (1 hunks)
  • subgraph/core/subgraph.yaml (1 hunks)
  • subgraph/temp-older-events-addition.txt (1 hunks)
✅ Files skipped from review due to trivial changes (1)
  • subgraph/temp-older-events-addition.txt
⏰ Context from checks skipped due to timeout of 90000ms (7)
  • GitHub Check: Redirect rules - kleros-v2-testnet-devtools
  • GitHub Check: Header rules - kleros-v2-testnet-devtools
  • GitHub Check: Pages changed - kleros-v2-testnet-devtools
  • GitHub Check: Redirect rules - kleros-v2-testnet
  • GitHub Check: Header rules - kleros-v2-testnet
  • GitHub Check: Pages changed - kleros-v2-testnet
  • GitHub Check: contracts-testing
🔇 Additional comments (14)
subgraph/core/subgraph.yaml (1)

162-163: LGTM! Event consolidation simplifies the handling logic.

The consolidation of multiple StakeDelayed event variants into a single unified event handler aligns well with the contract changes that removed the deprecated _alreadyTransferred parameter. This simplification reduces complexity and maintains consistency across the system.

subgraph/core-neo/subgraph.yaml (1)

161-162: LGTM! Consistent event handling across networks.

The changes mirror those in the core network subgraph, ensuring consistent event handling across both arbitrum-sepolia and arbitrum-one networks. The unified StakeDelayed event signature maintains compatibility while simplifying the codebase.

subgraph/core/src/SortitionModule.ts (2)

1-1: LGTM! Import statement correctly reflects the consolidated events.

The import statement now includes only the necessary events after the consolidation, removing the deprecated variants. This keeps the imports clean and aligned with the contract changes.


7-9: LGTM! Unified handler simplifies event processing.

The single handleStakeDelayed function correctly extracts all necessary parameters (_address, _courtID, _amount) from the consolidated event. This approach eliminates code duplication while maintaining full functionality.

subgraph/core-neo/abi-migrations/SortitionModuleNeo.json (6)

69-80: LGTM! Event rename clarifies its purpose.

The rename from StakeDelayedAlreadyTransferredDeposited to LeftoverPNKWithdrawn makes the event name more descriptive and aligns with its actual functionality of withdrawing leftover PNK tokens.


87-93: LGTM! Simplified NewPhase event reduces complexity.

The NewPhase event now only includes the essential _phase parameter as a uint8 enum, removing unnecessary court ID and amount parameters that were previously included. This simplification makes the event more focused and easier to handle.


117-118: LGTM! Consolidated StakeDelayed event improves consistency.

The unified StakeDelayed event with indexed address and uint96 court ID parameters, along with the uint256 amount, provides a clean interface that eliminates the need for multiple event variants.


742-753: LGTM! Enhanced penalizeStake function provides better accountability.

The updated penalizeStake function now returns both pnkBalance and availablePenalty values, which improves transparency by providing information about the juror's remaining balance and the actual penalty applied. This is valuable for accurate penalty accounting.


885-905: LGTM! setStake function improvements enhance functionality.

The changes to setStake include:

  • Unnamed boolean parameter (formerly _alreadyTransferred) indicating deprecation
  • Additional oldStake return value for better state tracking

These changes improve the function's utility while maintaining backward compatibility through the unnamed parameter.


1024-1037: LGTM! New withdrawLeftoverPNK function adds important functionality.

The addition of withdrawLeftoverPNK function provides jurors with a mechanism to withdraw any remaining PNK tokens after full unstaking. This is an important feature for complete token recovery and aligns with the overall staking logic improvements.

subgraph/core/abi-migrations/SortitionModule.json (4)

4-7: Explicit no-args constructor declared
The ABI now includes a parameterless constructor (type: "constructor") and has removed any fallback/receive entries to align with the updated contract deployment.


87-93: Consolidated NewPhase event
Replaces legacy phase‐related events with a single NewPhase(uint8 _phase) event. Verify that your subgraph mappings now listen to NewPhase instead of the old events.


114-118: Updated StakeDelayed event
All delayed‐stake events have been merged into StakeDelayed(address _address, uint96 _courtID, uint256 _amount). Ensure your subgraph only handles this consolidated event going forward.


679-691: penalizeStake now returns actual balances
The penalizeStake function signature was changed to return (uint256 pnkBalance, uint256 availablePenalty). If your subgraph makes contract calls to this function, update the ABICall definitions accordingly.

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f7591d2 and 994e8f8.

📒 Files selected for processing (6)
  • subgraph/core-neo/abi-migrations/SortitionModuleNeo.json (6 hunks)
  • subgraph/core-neo/subgraph.yaml (1 hunks)
  • subgraph/core/abi-migrations/SortitionModule.json (7 hunks)
  • subgraph/core/src/SortitionModule.ts (1 hunks)
  • subgraph/core/subgraph.yaml (1 hunks)
  • subgraph/temp-older-events-addition.txt (1 hunks)
✅ Files skipped from review due to trivial changes (1)
  • subgraph/temp-older-events-addition.txt
⏰ Context from checks skipped due to timeout of 90000ms (12)
  • GitHub Check: Redirect rules - kleros-v2-testnet-devtools
  • GitHub Check: Header rules - kleros-v2-testnet-devtools
  • GitHub Check: Pages changed - kleros-v2-testnet-devtools
  • GitHub Check: Redirect rules - kleros-v2-university
  • GitHub Check: Redirect rules - kleros-v2-neo
  • GitHub Check: Header rules - kleros-v2-university
  • GitHub Check: Header rules - kleros-v2-neo
  • GitHub Check: Pages changed - kleros-v2-neo
  • GitHub Check: Pages changed - kleros-v2-university
  • GitHub Check: SonarCloud
  • GitHub Check: contracts-testing
  • GitHub Check: Analyze (javascript)
🔇 Additional comments (18)
subgraph/core-neo/subgraph.yaml (1)

161-162: Event handler consolidation looks good.

The consolidation of multiple delayed stake event handlers into a single StakeDelayed event handler simplifies the subgraph configuration and aligns with the contract changes. This improves maintainability and reduces complexity.

subgraph/core/subgraph.yaml (1)

162-163: Consistent event handler consolidation across networks.

The changes maintain consistency with the core-neo configuration, properly consolidating the delayed stake event handlers. This ensures uniform behavior across different network deployments.

subgraph/core/src/SortitionModule.ts (2)

1-1: Import consolidation is correctly implemented.

The import statement has been properly updated to reflect the consolidated event structure, removing the multiple specific delayed stake events in favor of the unified StakeDelayed event.


7-9: Event handler consolidation maintains correct logic.

The unified handleStakeDelayed function properly calls updateJurorDelayedStake with the correct parameters (address, courtID, amount), maintaining the same functionality as the previous separate handlers.

subgraph/core/abi-migrations/SortitionModule.json (8)

4-6: Constructor definition updated correctly.

The constructor has been properly updated to a standard nonpayable constructor with no inputs, removing the previous fallback/receive function structure.


69-69: Event parameter naming standardized.

The parameter naming has been standardized from _address to _account in the LeftoverPNKWithdrawn event, improving consistency across the ABI.

Also applies to: 79-79


87-93: NewPhase event structure improved.

The NewPhase event has been updated with proper enum typing (enum ISortitionModule.Phase) and parameter naming (_phase), which provides better type safety and clarity.


117-117: StakeDelayed event consolidation aligns with contract changes.

The unified StakeDelayed event with parameters (address, uint96, uint256) correctly replaces the multiple variant delayed stake events, simplifying the event structure while maintaining necessary information.


680-691: penalizeStake function returns enhanced penalty information.

The function now returns two values (pnkBalance and availablePenalty) instead of none, providing better transparency into penalty execution and available penalty amounts for reward distribution.


823-823: setStake parameter handling updated.

The deprecated _alreadyTransferred parameter has been removed (parameter name is now empty), aligning with the PR objective to remove instant staking and simplify the staking logic.


839-843: setStake returns additional stake information.

The function now returns an additional oldStake value, providing better visibility into stake changes for external integrations and event processing.


954-961: withdrawLeftoverPNK function properly defined.

The function has been correctly updated from a constructor-type to a regular function with simplified parameters, enabling jurors to withdraw leftover PNK tokens as described in the PR objectives.

subgraph/core-neo/abi-migrations/SortitionModuleNeo.json (6)

67-80: New LeftoverPNKWithdrawn event looks correct
Introducing the LeftoverPNKWithdrawn event with an indexed _account parameter allows efficient filtering. Ensure your subgraph mappings handle this new event.

Please verify that the subgraph’s event handlers have been updated to consume LeftoverPNKWithdrawn.


85-93: Updated NewPhase event signature is in place
The previous variant with an indexed address is removed, leaving only the _phase payload. Confirm that downstream consumers (subgraph, frontends) are updated for this change.

Run a search in your subgraph mappings for NewPhase to ensure the filtering logic aligns with this new signature.


109-118: Consolidated StakeDelayed event is correct
Combining the three prior delayed-stake events into this single, indexed version simplifies processing. Confirm that your subgraph and any listeners now reference only this StakeDelayed event.

Ensure all old event handlers are removed and that StakeDelayed is fully integrated.


739-753: penalizeStake now returns two values
The signature update to emit both pnkBalance and availablePenalty aligns with the new core logic. Verify that any ABI consumers (e.g., subgraph or UI) handle both return values in the correct order.

You may grep for .penalizeStake calls in your mappings to confirm compatibility.


901-905: oldStake output correctly added to setStake
Capturing oldStake enables downstream logic to reconcile previous state. The new ordering aligns with the updated StakingResult enum.


1024-1037: Added withdrawLeftoverPNK function
This new method enables jurors to reclaim unused tokens. Ensure that your subgraph ABI and mappings include this function, and that the LeftoverPNKWithdrawn event is emitted accordingly in the contract.

Double-check your graph schema to include withdrawLeftoverPNK and that calls to it are indexed.

Comment on lines 883 to 887
{
"internalType": "bool",
"name": "_alreadyTransferred",
"name": "",
"type": "bool"
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

⚠️ Potential issue

Remove the unnamed boolean input in setStake
The boolean parameter is now deprecated and left unnamed—this will break ABI consumers. It should be removed entirely.

Apply this diff to eliminate the unused boolean param:

@@ -883,4 +883,0
-        {
-          "internalType": "bool",
-          "name": "",
-          "type": "bool"
-        },

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents
In subgraph/core-neo/abi-migrations/SortitionModuleNeo.json around lines 883 to
887, there is an unnamed boolean input parameter in the setStake function that
is deprecated and breaks ABI consumers. Remove this entire boolean parameter
object from the ABI to eliminate the unused and unnamed boolean input.

Copy link

codeclimate bot commented Jun 12, 2025

Code Climate has analyzed commit 3faccb6 and detected 0 issues on this pull request.

View more on Code Climate.

Copy link

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🔭 Outside diff range comments (2)
contracts/src/arbitration/university/KlerosCoreUniversity.sol (1)

740-776: ⚠️ Potential issue

Penalty accounting bug – returned values ignored.

penalizeStake now yields (pnkBalance, availablePenalty), but the code:

_params.pnkPenaltiesInRound += penalty;
...
penalizeStake(account, dispute.courtID, penalty);

never uses availablePenalty. If the juror’s stake is insufficient, you will over-credit penalties, breaking reward maths.

-        uint256 penalty = ...;
-        _params.pnkPenaltiesInRound += penalty;
-        ...
-        sortitionModule.penalizeStake(account, dispute.courtID, penalty);
+        uint256 penalty = ...;
+        (uint256 pnkBalance, uint256 applied) =
+            sortitionModule.penalizeStake(account, dispute.courtID, penalty);
+        _params.pnkPenaltiesInRound += applied;
+        ...
+        if (pnkBalance == 0) {
+            sortitionModule.setJurorInactive(account);
+        }

This aligns behaviour with the Neo/Core version.

contracts/src/arbitration/university/SortitionModuleUniversity.sol (1)

247-258: ⚠️ Potential issue

Missing return statement – contract will not compile.

penalizeStake promises (uint256 pnkBalance, uint256 availablePenalty) but never returns.

-    ) external override onlyByCore returns (uint256 pnkBalance, uint256 availablePenalty) {
+    ) external override onlyByCore returns (uint256 pnkBalance, uint256 availablePenalty) {
         Juror storage juror = jurors[_account];
         if (juror.stakedPnk >= _relativeAmount) {
             juror.stakedPnk -= _relativeAmount;
-        } else {
+            availablePenalty = _relativeAmount;
+        } else {
             juror.stakedPnk = 0;
+            availablePenalty = juror.stakedPnk; // whatever could actually be taken
         }
-    }
+        pnkBalance = juror.stakedPnk;
+        return (pnkBalance, availablePenalty);
+    }

Without this, compilation fails and upstream contracts depending on the returned values break.

🧹 Nitpick comments (11)
contracts/src/arbitration/SortitionModuleNeo.sol (1)

87-120: Minor gas-save opportunity in _validateStake.

The arithmetic inside if (phase == Phase.staking) is overflow-checked twice by default.
Wrapping the totalStaked updates in an unchecked { ... } block (after confirming bounds with the earlier if checks) will shave a few hundred gas per stake adjustment without changing behaviour.

contracts/src/arbitration/university/SortitionModuleUniversity.sol (2)

142-181: validateStake always reports Success – consider max-stake caps.

Unlike the Neo module, no upper-bound checks are applied. If instructional simplicity is intended that’s fine; otherwise replicate maxStakePerJuror / maxTotalStaked validation to keep examples consistent.


183-185: setStake is still TODO.

Core now calls this method after deposits succeed. Implement the function (even a thin wrapper around tree updates) to avoid silent no-ops once the classroom moves past validation.

contracts/src/arbitration/SortitionModuleBase.sol (8)

38-43: alreadyTransferred field is dead-code – drop it to slim the struct

The flag is now documented as DEPRECATED and is never read anywhere in the contract after this PR.
Keeping it around:

  1. Bloats storage layout and therefore deployment/runtime gas.
  2. Confuses auditors who must still reason about its invariants.

If backward-compatibility is not strictly required at the storage level, delete the field altogether; otherwise at least add an inline comment that the slot is intentionally preserved for storage-layout compatibility.


48-50: Nice addition, but document the per-court locking invariant

Introducing lockedInCourt clarifies where tokens are frozen.
Please extend NatSpec on Juror.lockedPnk/lockedInCourt to state the intended invariant (e.g. sum(lockedInCourt) == lockedPnk) so future maintainers cannot break it inadvertently.


72-73: Unused mapping – consider pruning

latestDelayedStakeIndex is marked DEPRECATED but is still instantiated.
Unless an external migration script still relies on it, removing it (and its writes in legacy code, if any) will save ~20 000 gas at deploy and 5 000 gas per cold SLOAD.


85-101: Legacy delayed-stake events still emitted nowhere

All three StakeDelayed* legacy events remain declared but are never emitted after this PR.
Leaving them around:

  • Creates an ABI surface that dApp/indexer devs might listen to by mistake.
  • Adds 96 bytes to the runtime bytecode.

Recommend deleting the declarations once subgraphs have been migrated.


156-163: Modifier onlyByCoreOrThis enables external self-calls – be deliberate

Using this.setStake(...) (see penalizeStake) incurs an external call, extra gas, and re-entrancy surface (albeit to self).
An internal helper (_applyStake) would avoid this.

-function setStake(address _account, uint96 _courtID, uint256 _newStake) public ...
+function _applyStake(address _account, uint96 _courtID, uint256 _newStake) internal ...

Then expose a thin external wrapper guarded by the modifier if needed.


348-388: Micro-optimisations & typo inside setStake

  1. currenCourtID is misspelled – minor, but typo leaks into public bytecode.
  2. The for-loop used for array cleanup is O(n). Keeping a mapping courtID => index would make deletions O(1) and save gas for jurors with many courts.

Not blocking, but worth tracking.


403-414: penalizeStake performs an external self-call

Calling this.setStake costs an extra 700–1 000 gas and bypasses Solidity’s internal call optimisations.
Extract the core logic into an internal function and reuse it here.

Also, since penalty burns stake while lockedPnk stays unchanged until unlockStake, make sure downstream code never assumes stakedPnk ≥ lockedPnk between these two calls (see earlier comment).


377-377: Nit: variable name typo

uint96 currenCourtIDuint96 currentCourtID

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 994e8f8 and 3faccb6.

📒 Files selected for processing (8)
  • contracts/src/arbitration/KlerosCoreBase.sol (7 hunks)
  • contracts/src/arbitration/KlerosCoreNeo.sol (1 hunks)
  • contracts/src/arbitration/SortitionModuleBase.sol (8 hunks)
  • contracts/src/arbitration/SortitionModuleNeo.sol (2 hunks)
  • contracts/src/arbitration/interfaces/ISortitionModule.sol (1 hunks)
  • contracts/src/arbitration/university/KlerosCoreUniversity.sol (7 hunks)
  • contracts/src/arbitration/university/SortitionModuleUniversity.sol (5 hunks)
  • contracts/test/foundry/KlerosCore.t.sol (11 hunks)
🚧 Files skipped from review as they are similar to previous changes (2)
  • contracts/src/arbitration/interfaces/ISortitionModule.sol
  • contracts/test/foundry/KlerosCore.t.sol
⏰ Context from checks skipped due to timeout of 90000ms (15)
  • GitHub Check: Redirect rules - kleros-v2-neo
  • GitHub Check: Redirect rules - kleros-v2-university
  • GitHub Check: Header rules - kleros-v2-neo
  • GitHub Check: Header rules - kleros-v2-university
  • GitHub Check: Pages changed - kleros-v2-neo
  • GitHub Check: Pages changed - kleros-v2-university
  • GitHub Check: Redirect rules - kleros-v2-testnet
  • GitHub Check: Redirect rules - kleros-v2-testnet
  • GitHub Check: Analyze (javascript)
  • GitHub Check: contracts-testing
  • GitHub Check: SonarCloud
  • GitHub Check: Header rules - kleros-v2-testnet
  • GitHub Check: Header rules - kleros-v2-testnet
  • GitHub Check: Pages changed - kleros-v2-testnet
  • GitHub Check: Pages changed - kleros-v2-testnet
🔇 Additional comments (14)
contracts/src/arbitration/KlerosCoreNeo.sol (1)

108-108: _setStake call matches the new interface – looks good.

contracts/src/arbitration/KlerosCoreBase.sol (5)

466-476: Interface alignment looks correct.

The updated invocations of _setStake now supply OnError.* instead of the removed _alreadyTransferred flag – consistent with the refactor. No further action required.


606-607: Court-scoped locking call adopted correctly.

lockStake(drawnAddress, dispute.courtID, …) propagates the court context expected by the new SortitionModule ABI.


775-798: Good use of real penalty returned by penalizeStake, but double-check ordering.

Unlocking the stake before calling penalizeStake is necessary, yet it briefly drops lockedInCourt below the eventual penalty size. Confirm that penalizeStake itself never relies on lockedInCourt for invariants to avoid under-penalisation.


845-846: Court-scoped unlock reflected here as well – looks fine.


1084-1108: Delayed-stake branch returns before token transfer – verify follow-up call.

When stakingResult == Delayed, the function exits without moving tokens or updating the SortitionModule. Ensure the follow-up setStakeBySortitionModule call executes in all cases so the deposit is eventually pulled exactly once.

contracts/src/arbitration/university/KlerosCoreUniversity.sol (4)

459-460: Updated _setStake invocation aligns with new signature.


467-469: setStakeBySortitionModule call updated – OK.


595-596: Court-aware locking adopted correctly.


824-828: Court-aware unlock reflected in reward path – looks OK.

contracts/src/arbitration/university/SortitionModuleUniversity.sol (2)

34-35: Per-court locking map added – nice touch.


235-245: Court-scoped lock/unlock bookkeeping looks correct.

contracts/src/arbitration/SortitionModuleBase.sol (2)

103-108: 👍 Unified StakeDelayed event

Clear, single source of truth with both indexed topics – good choice.


115-119: Event defined but never fired in this contract

LeftoverPNKWithdrawn is declared yet no emit is present.
Confirm the emission happens in a derived contract; otherwise add it where withdrawLeftoverPNK is implemented.

Comment on lines +299 to +346
function _validateStake(
address _account,
uint96 _courtID,
uint256 _newStake,
bool _alreadyTransferred
) internal virtual returns (uint256 pnkDeposit, uint256 pnkWithdrawal, StakingResult stakingResult) {
uint256 _newStake
)
internal
virtual
returns (uint256 pnkDeposit, uint256 pnkWithdrawal, uint256 actualNewStake, StakingResult stakingResult)
{
Juror storage juror = jurors[_account];
uint256 currentStake = stakeOf(_account, _courtID);

uint256 nbCourts = juror.courtIDs.length;
if (currentStake == 0 && nbCourts >= MAX_STAKE_PATHS) {
return (0, 0, StakingResult.CannotStakeInMoreCourts); // Prevent staking beyond MAX_STAKE_PATHS but unstaking is always allowed.
return (0, 0, currentStake, StakingResult.CannotStakeInMoreCourts); // Prevent staking beyond MAX_STAKE_PATHS but unstaking is always allowed.
}

if (currentStake == 0 && _newStake == 0) {
return (0, 0, StakingResult.CannotStakeZeroWhenNoStake); // Forbid staking 0 amount when current stake is 0 to avoid flaky behaviour.
return (0, 0, currentStake, StakingResult.CannotStakeZeroWhenNoStake); // Forbid staking 0 amount when current stake is 0 to avoid flaky behaviour.
}

pnkWithdrawal = _deleteDelayedStake(_courtID, _account);
if (phase != Phase.staking) {
// Store the stake change as delayed, to be applied when the phase switches back to Staking.
DelayedStake storage delayedStake = delayedStakes[++delayedStakeWriteIndex];
delayedStake.account = _account;
delayedStake.courtID = _courtID;
delayedStake.stake = _newStake;
latestDelayedStakeIndex[_account][_courtID] = delayedStakeWriteIndex;
if (_newStake > currentStake) {
// PNK deposit: tokens are transferred now.
delayedStake.alreadyTransferred = true;
pnkDeposit = _increaseStake(juror, _courtID, _newStake, currentStake);
emit StakeDelayedAlreadyTransferredDeposited(_account, _courtID, _newStake);
} else {
// PNK withdrawal: tokens are not transferred yet.
emit StakeDelayedNotTransferred(_account, _courtID, _newStake);
}
return (pnkDeposit, pnkWithdrawal, StakingResult.Successful);
emit StakeDelayed(_account, _courtID, _newStake);
return (0, 0, currentStake, StakingResult.Delayed);
}

// Current phase is Staking: set normal stakes or delayed stakes (which may have been already transferred).
// Current phase is Staking: set normal stakes or delayed stakes.
actualNewStake = _newStake;
if (_newStake >= currentStake) {
if (!_alreadyTransferred) {
pnkDeposit = _increaseStake(juror, _courtID, _newStake, currentStake);
pnkDeposit = _newStake - currentStake;
} else {
pnkWithdrawal = currentStake - _newStake;
// Ensure locked tokens remain in the contract. They can only be released during Execution.
uint256 possibleWithdrawal = currentStake > juror.lockedInCourt[_courtID]
? currentStake - juror.lockedInCourt[_courtID]
: 0;
if (pnkWithdrawal > possibleWithdrawal) {
pnkWithdrawal = possibleWithdrawal;
actualNewStake = currentStake - pnkWithdrawal;
}
}
return (pnkDeposit, pnkWithdrawal, actualNewStake, StakingResult.Successful);
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Withdrawal cap ignores locks in other courts – can break lockedPnk ≤ stakedPnk invariant

possibleWithdrawal only considers lockedInCourt[_courtID].
A juror can therefore withdraw from court A while tokens remain locked in court B, ending with stakedPnk < lockedPnk.

That violates the implicit invariant and may later revert on unlockStake or allow drawing under-collateralised jurors.

Proposed fix (illustrative):

- uint256 possibleWithdrawal = currentStake > juror.lockedInCourt[_courtID]
-     ? currentStake - juror.lockedInCourt[_courtID]
-     : 0;
+ uint256 globallyAvailable = juror.stakedPnk - juror.lockedPnk;
+ // remove the portion we are about to touch
+ globallyAvailable += currentStake;
+ uint256 possibleWithdrawal = globallyAvailable > currentStake
+     ? globallyAvailable - currentStake
+     : 0;

Ensures total stake never drops below total locked across all courts.

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents
In contracts/src/arbitration/SortitionModuleBase.sol between lines 299 and 346,
the withdrawal cap calculation only accounts for locked tokens in the current
court (_courtID), ignoring locks in other courts. This can cause the total
staked tokens to fall below the total locked tokens, violating the invariant
lockedPnk ≤ stakedPnk. To fix this, modify the calculation of possibleWithdrawal
to consider the total locked tokens across all courts for the juror, ensuring
that the new stake never drops below the sum of all locked tokens. This prevents
under-collateralization and maintains the invariant.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants