From 26dce2a2258187af7a8cb081bed4e6a5d0ae7065 Mon Sep 17 00:00:00 2001
From: Piotr Dyraga <piotr.dyraga@keep.network>
Date: Thu, 28 Apr 2022 19:43:45 +0200
Subject: [PATCH] Staking requestAuthorizationDecrease function contract update

The application may revert authorization decrease request, if there is
already one pending for the given application.

This is entirely up to the application if overwriting pending request at
the given moment is fine or not.

This is important for TBTC and Random Beacon because allowing to
"decrease authorization decrease request" at any moment may be used for
pool manipulation and becoming a free-rider.
---
 contracts/staking/IApplication.sol | 3 +++
 contracts/staking/IStaking.sol     | 4 +++-
 contracts/staking/TokenStaking.sol | 4 +++-
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/contracts/staking/IApplication.sol b/contracts/staking/IApplication.sol
index c241c52a..0b36754a 100644
--- a/contracts/staking/IApplication.sol
+++ b/contracts/staking/IApplication.sol
@@ -48,6 +48,9 @@ interface IApplication {
     ///         pending decrease and respond to the staking contract with
     ///         `approveAuthorizationDecrease` at its discretion. It may
     ///         happen right away but it also may happen several months later.
+    ///         If there is already a pending authorization decrease request
+    ///         for the application, and the application does not agree for
+    ///         overwriting it, the function should revert.
     function authorizationDecreaseRequested(
         address stakingProvider,
         uint96 fromAmount,
diff --git a/contracts/staking/IStaking.sol b/contracts/staking/IStaking.sol
index 12ad0331..1e6f17c8 100644
--- a/contracts/staking/IStaking.sol
+++ b/contracts/staking/IStaking.sol
@@ -109,7 +109,9 @@ interface IStaking {
     ///         it happens depends on the application. Can only be called by the
     ///         given staking provider’s authorizer. Overwrites pending
     ///         authorization decrease for the given staking provider and
-    ///         application.
+    ///         application if the application agrees for that. If the
+    ///         application does not agree for overwriting, the function
+    ///         reverts.
     /// @dev Calls `authorizationDecreaseRequested(address stakingProvider, uint256 amount)`
     ///      on the given application. See `IApplication`.
     function requestAuthorizationDecrease(
diff --git a/contracts/staking/TokenStaking.sol b/contracts/staking/TokenStaking.sol
index b6ac3cb9..931e5b56 100644
--- a/contracts/staking/TokenStaking.sol
+++ b/contracts/staking/TokenStaking.sol
@@ -1281,7 +1281,9 @@ contract TokenStaking is Initializable, IStaking, Checkpoints {
     ///         it happens depends on the application. Can only be called by the
     ///         given staking provider’s authorizer. Overwrites pending
     ///         authorization decrease for the given staking provider and
-    ///         application.
+    ///         application if the application agrees for that. If the
+    ///         application does not agree for overwriting, the function
+    ///         reverts.
     /// @dev Calls `authorizationDecreaseRequested` callback on the given
     ///      application. See `IApplication`.
     function requestAuthorizationDecrease(