Merge pull request #1114 from graphprotocol/tmigone/fix-escape-hatch

Author: tmigone

packages/horizon/contracts/interfaces/internal/IHorizonStakingMain.sol

@@ -362,6 +362,13 @@ interface IHorizonStakingMain {
      */
     error HorizonStakingNotAuthorized(address serviceProvider, address verifier, address caller);
 
+    /**
+     * @notice Thrown when attempting to create a provision with a verifier other than the
+     * subgraph data service. This restriction only applies during the transition period.
+     * @param verifier The verifier address
+     */
+    error HorizonStakingInvalidVerifier(address verifier);
+
     /**
      * @notice Thrown when attempting to create a provision with an invalid maximum verifier cut.
      * @param maxVerifierCut The maximum verifier cut
@@ -562,6 +569,8 @@ interface IHorizonStakingMain {
      * service, where the data service is the verifier.
      * This function can be called by the service provider or by an operator authorized by the provider
      * for this specific verifier.
+     * @dev During the transition period, only the subgraph data service can be used as a verifier. This
+     * prevents an escape hatch for legacy allocation stake.
      * @dev Requirements:
      * - `tokens` cannot be zero.
      * - The `serviceProvider` must have enough idle stake to cover the tokens to provision.

packages/horizon/contracts/staking/HorizonStaking.sol

@@ -720,6 +720,11 @@ contract HorizonStaking is HorizonStakingBase, IHorizonStakingMain {
         uint64 _thawingPeriod
     ) private {
         require(_tokens > 0, HorizonStakingInvalidZeroTokens());
+        // TODO: Remove this after the transition period - it prevents an early escape hatch for legacy allocations
+        require(
+            _verifier == SUBGRAPH_DATA_SERVICE_ADDRESS || __DEPRECATED_thawingPeriod == 0,
+            HorizonStakingInvalidVerifier(_verifier)
+        );
         require(PPMMath.isValidPPM(_maxVerifierCut), HorizonStakingInvalidMaxVerifierCut(_maxVerifierCut));
         require(
             _thawingPeriod <= _maxThawingPeriod,

packages/horizon/hardhat.config.ts

@@ -22,7 +22,7 @@ const config: HardhatUserConfig = {
     settings: {
       optimizer: {
         enabled: true,
-        runs: 70,
+        runs: 20,
       },
     },
   },

packages/horizon/test/staking/provision/provision.t.sol

@@ -108,4 +108,20 @@ contract HorizonStakingProvisionTest is HorizonStakingTest {
         vm.expectRevert(expectedError);
         staking.provision(users.indexer, subgraphDataServiceAddress, amount, maxVerifierCut, thawingPeriod);
     }
+
+    function testProvision_RevertWhen_VerifierIsNotSubgraphDataServiceDuringTransitionPeriod(
+        uint256 amount
+    ) public useIndexer useStake(amount) {
+        // simulate the transition period
+        _setStorage_DeprecatedThawingPeriod(THAWING_PERIOD_IN_BLOCKS);
+
+        // oddly we use subgraphDataServiceLegacyAddress as the subgraph service address
+        // so subgraphDataServiceAddress is not the subgraph service ¯\_(ツ)_/¯
+        bytes memory expectedError = abi.encodeWithSignature(
+            "HorizonStakingInvalidVerifier(address)",
+            subgraphDataServiceAddress
+        );
+        vm.expectRevert(expectedError);
+        staking.provision(users.indexer, subgraphDataServiceAddress, amount, 0, 0);
+    }
 }

packages/horizon/test/staking/stake/unstake.t.sol

@@ -62,10 +62,10 @@ contract HorizonStakingUnstakeTest is HorizonStakingTest {
         _setStorage_ServiceProvider(users.indexer, tokensLocked, 0, tokensLocked, block.number, 0);
 
         // create provision, thaw and deprovision
-        _createProvision(users.indexer, subgraphDataServiceAddress, tokens, 0, MAX_THAWING_PERIOD);
-        _thaw(users.indexer, subgraphDataServiceAddress, tokens);
+        _createProvision(users.indexer, subgraphDataServiceLegacyAddress, tokens, 0, MAX_THAWING_PERIOD);
+        _thaw(users.indexer, subgraphDataServiceLegacyAddress, tokens);
         skip(MAX_THAWING_PERIOD + 1);
-        _deprovision(users.indexer, subgraphDataServiceAddress, 0);
+        _deprovision(users.indexer, subgraphDataServiceLegacyAddress, 0);
 
         // unstake
         _unstake(tokensToUnstake);
@@ -90,10 +90,10 @@ contract HorizonStakingUnstakeTest is HorizonStakingTest {
         _setStorage_ServiceProvider(users.indexer, tokensThawing, 0, tokensThawing, tokensThawingUntilBlock, 0);
 
         // create provision, thaw and deprovision
-        _createProvision(users.indexer, subgraphDataServiceAddress, tokens, 0, MAX_THAWING_PERIOD);
-        _thaw(users.indexer, subgraphDataServiceAddress, tokens);
+        _createProvision(users.indexer, subgraphDataServiceLegacyAddress, tokens, 0, MAX_THAWING_PERIOD);
+        _thaw(users.indexer, subgraphDataServiceLegacyAddress, tokens);
         skip(MAX_THAWING_PERIOD + 1);
-        _deprovision(users.indexer, subgraphDataServiceAddress, 0);
+        _deprovision(users.indexer, subgraphDataServiceLegacyAddress, 0);
 
         // unstake
         _unstake(tokensToUnstake);