fix(SortitionModule): fix staking logic and remove instant staking

[unknownunknown1]

PR-Codex overview

This PR focuses on enhancing the ISortitionModule interface and its implementations by adding new functionalities and improving existing ones, particularly around stake management and penalty processing.

Detailed summary

• Added withdrawLeftoverPNK(address _account) function to ISortitionModule and its implementations.
• Modified penalizeStake function to return pnkBalance and availablePenalty.
• Updated comments and removed deprecated parameters.
• Adjusted event emissions to reflect changes in staking and penalties.

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

Summary by CodeRabbit

• New Features

  • Added the ability for jurors to withdraw leftover tokens after fully unstaking, provided certain conditions are met.
  • Introduced new functions for direct token transfers and leftover withdrawals by the sortition module.

• Improvements

  • Simplified and streamlined the staking and delayed stake handling process.
  • Enhanced penalty execution to reflect actual penalties applied.
  • Updated event emissions for clearer tracking of stake and withdrawal actions.

• Bug Fixes

  • Corrected token balance and stake state updates during staking, unstaking, and penalty scenarios.

• Tests

  • Updated and expanded tests to cover new and revised staking, penalty, and withdrawal behaviors.

[coderabbitai]

Walkthrough

The changes remove the deprecated _alreadyTransferred parameter from staking logic across core and sortition modules, simplify delayed stake handling, and introduce new functions for direct PNK transfers and leftover withdrawals. Penalty and reward accounting is updated to reflect actual applied values, and tests are revised to match the new logic and event emissions.

Changes

File(s)	Change Summary
contracts/src/arbitration/KlerosCoreBase.sol	Deprecated _alreadyTransferred parameter in staking functions; added transferBySortitionModule; updated penalty and reward execution logic to use actual penalties and remove redundant token returns.
contracts/src/arbitration/SortitionModuleBase.sol, contracts/src/arbitration/SortitionModuleNeo.sol, contracts/src/arbitration/university/SortitionModuleUniversity.sol	Removed/ignored _alreadyTransferred parameter; simplified delayed stake logic; removed helper functions and deprecated events; updated penalizeStake to return values; added withdrawLeftoverPNK.
contracts/src/arbitration/dispute-kits/DisputeKitClassicBase.sol	Simplified _postDrawCheck to only consider single-draw-per-juror restriction, removing stake sufficiency checks.
contracts/src/arbitration/interfaces/ISortitionModule.sol	Updated penalizeStake signature to return values; added withdrawLeftoverPNK function.
contracts/test/foundry/KlerosCore.t.sol	Updated and added tests to reflect new delayed stake, penalty, and withdrawal logic; removed obsolete tests; adjusted event and balance assertions.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant KlerosCoreBase
    participant SortitionModule
    participant PNKToken

    User->>KlerosCoreBase: setStakeBySortitionModule(account, courtID, newStake, _)
    KlerosCoreBase->>SortitionModule: setStake(account, courtID, newStake, false)
    SortitionModule->>SortitionModule: Update juror's stakedPnk
    Note right of SortitionModule: Delayed stake logic simplified

    User->>KlerosCoreBase: transferBySortitionModule(account, amount)
    KlerosCoreBase->>PNKToken: Transfer PNK to account

    KlerosCoreBase->>SortitionModule: penalizeStake(account, relativeAmount)
    SortitionModule->>SortitionModule: Reduce stakedPnk, return (pnkBalance, availablePenalty)
    KlerosCoreBase->>KlerosCoreBase: Update penalty accounting

    User->>SortitionModule: withdrawLeftoverPNK(account)
    SortitionModule->>PNKToken: Transfer leftover PNK to account

Loading

Possibly related PRs

• kleros/kleros-v2#1765: Modifies KlerosCoreBase staking logic and penalty handling, closely related to this PR's changes in staking mechanism.
• kleros/kleros-v2#1935: Alters SortitionModuleBase stake-related events and parameters, overlapping with this PR's event and parameter updates in stake handling.

Suggested labels

Type: Bug :bug:, Type: Enhancement :sparkles:, Package: Contracts

Suggested reviewers

• jaybuidl
• alcercu

Poem

A rabbit hopped through staking fields anew,
Deprecated flags now bid adieu!
Penalties fair, rewards precise,
Leftover tokens—withdrawn in a trice.
Events are cleaner, logic tight—
The codebase shines, a burrow of light!
🐇✨

Note

⚡️ AI Code Reviews for VS Code, Cursor, Windsurf

CodeRabbit now has a plugin for VS Code, Cursor and Windsurf. This brings AI code reviews directly in the code editor. Each commit is reviewed immediately, finding bugs before the PR is raised. Seamless context handoff to your AI code agent ensures that you can easily incorporate review feedback.
Learn more here.

---

Note

⚡️ Faster reviews with caching

CodeRabbit now supports caching for code and dependencies, helping speed up reviews. This means quicker feedback, reduced wait times, and a smoother review experience overall. Cached data is encrypted and stored securely. This feature will be automatically enabled for all accounts on May 16th. To opt out, configure Review - Disable Cache at either the organization or repository level. If you prefer to disable all data retention across your organization, simply turn off the Data Retention setting under your Organization Settings.
Enjoy the performance boost—your workflow just got faster.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai or @coderabbitai title anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codeclimate]

Code Climate has analyzed commit d876e24 and detected 0 issues on this pull request.

View more on Code Climate.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 1

🔭 Outside diff range comments (1)

contracts/src/arbitration/university/SortitionModuleUniversity.sol (1)

238-248: ⚠️ Potential issue

Function signature updated but missing return values

While the function signature has been updated to match the interface, the function doesn't actually set or return the declared values pnkBalance and availablePenalty. This needs to be fixed to properly implement the interface.

Update the function to return the required values:

function penalizeStake(
    address _account,
    uint256 _relativeAmount
) external override onlyByCore returns (uint256 pnkBalance, uint256 availablePenalty) {
    Juror storage juror = jurors[_account];
    if (juror.stakedPnk >= _relativeAmount) {
        juror.stakedPnk -= _relativeAmount;
+       availablePenalty = _relativeAmount;
    } else {
+       availablePenalty = juror.stakedPnk;
        juror.stakedPnk = 0; // stakedPnk might become lower after manual unstaking, but lockedPnk will always cover the difference.
    }
+   pnkBalance = juror.stakedPnk;
+   return (pnkBalance, availablePenalty);
}

🧹 Nitpick comments (12)

contracts/src/arbitration/university/SortitionModuleUniversity.sol (1)

264-265: Empty implementation of withdrawLeftoverPNK

This is an empty implementation of the required interface function. While technically compliant with the interface, this implementation doesn't actually withdraw any leftover PNK. If this is intentional for the University module, consider adding a comment explaining why.

Consider adding a clarifying comment:

-function withdrawLeftoverPNK(address _account) external override {}
+function withdrawLeftoverPNK(address _account) external override {
+    // No implementation needed for University module as it doesn't track leftover PNK
+}

contracts/src/arbitration/KlerosCoreBase.sol (2)

474-482: Deprecate the unused _alreadyTransferred parameter to save deployment & call gas

setStakeBySortitionModule keeps the parameter in the ABI but never uses it (/* _alreadyTransferred */).
If no externally-deployed SortitionModule still relies on the 4-argument signature, consider removing the parameter entirely (and adjusting the interface) or adding a dedicated deprecated overload to keep backwards compatibility. Eliminating the dead parameter shaves 3-5 gas per call and simplifies the API.

---

1083-1099: Follow-up: remove deprecated boolean in call to setStake

sortitionModule.setStake(..., false) passes a hard-coded value that is now unused.
After cleaning up the interface (see comment above), this fourth argument and the trailing comment can be dropped to avoid confusion:

-        (uint256 pnkDeposit, uint256 pnkWithdrawal, StakingResult stakingResult) = sortitionModule.setStake(
-            _account,
-            _courtID,
-            _newStake,
-            false // Unused parameter.
-        );
+        (uint256 pnkDeposit, uint256 pnkWithdrawal, StakingResult stakingResult) =
+            sortitionModule.setStake(_account, _courtID, _newStake);

contracts/test/foundry/KlerosCore.t.sol (5)

1019-1026: Clarify assertion description to match the expected flag value

alreadyTransferred is asserted to be false, yet the accompanying message says “Should be flagged as transferred”.
This wording is confusing because a value of false actually means “not transferred”. Renaming the
message to something like “Should be not flagged as transferred” (or the opposite, depending on the intended
semantics) will prevent mis-interpretation when the test fails.

---

1094-1119: Replace magic numbers with expressions for better readability & resilience

The balance assertions use large hard-coded literals such as
999999999999998200.
Although they are numerically correct (1 ether - 1800), the intent is obscured and any future change
to the staked amount will require hunting down and editing multiple constants.

Consider computing the expected value on-the-fly, e.g.

uint256 expected = 1 ether - 1_800;
assertEq(pinakion.balanceOf(staker1), expected, "Wrong token balance of staker1");

or even

assertEq(
    pinakion.balanceOf(staker1),
    1 ether - (1500 /* first stake */ + 300 /* diff */),
    "Wrong token balance of staker1"
);

This keeps the arithmetic obvious, avoids copy-paste mistakes, and makes the test less brittle.

---

1203-1210: Impersonating the Core to self-transfer can hide real-world constraints

vm.prank(address(core)); pinakion.transfer(governor, 10000); works in the
unit test, but in production KlerosCore has no such method and cannot trigger ERC-20 transfer
directly. If the goal is only to zero the Core’s balance, consider minting a fresh token or using
deal(address(pinakion), address(core), 0) (forge cheat-code) instead.

This keeps the test closer to real behaviour and avoids accidentally relying on “the contract calls
transfer on itself” paths that will never exist on-chain.

---

2454-2510: Hard-coded iteration counts & stake figures make new tests brittle

core.execute(disputeID, 0, 6) assumes that exactly six repartition iterations are always required.
The actual number depends on internal constants such as DEFAULT_NB_OF_JURORS, future changes to
penalty logic, or even gas-cap tweaks. The same applies to the literal 3000 penalty math and the
final balance check for a full 1 ether.

Suggestion:

uint256 iterations = DEFAULT_NB_OF_JURORS * 2; // worst-case upper bound
core.execute(disputeID, 0, iterations);

and compute expected balances from recorded pre-/post-state instead of fixed literals.
Doing so will prevent spurious failures when business rules evolve while preserving
the intent of proving “juror becomes insolvent and is automatically unstaked”.

---

2532-2574: Leverage helper functions to minimise duplicated balance assertions

withdrawLeftoverPNK is tested with a long sequence of assertEq calls that
repeat the “balance before / after” pattern already present in several other stake-related tests.
Extracting a small internal helper:

function _assertPnkBalances(
    uint256 coreBal,
    uint256 jurorBal,
    string memory msgSuffix
) internal {
    assertEq(pinakion.balanceOf(address(core)), coreBal, string.concat("Core ", msgSuffix));
    assertEq(pinakion.balanceOf(staker1), jurorBal, string.concat("Juror ", msgSuffix));
}

and re-using it across the suite will reduce noise, ease future refactors, and make the intent of
each check clearer.

contracts/src/arbitration/SortitionModuleBase.sol (4)

69-72: Consider explicitly annotating deprecated storage to reduce cognitive overhead

latestDelayedStakeIndex is kept for storage-layout compatibility, but it now serves no functional purpose.
Adding an /// @deprecated NatSpec tag (or // DEPRECATED: kept for storage-layout) immediately above the declaration would make the intent clearer to future maintainers and external auditors.

---

84-100: Mark legacy events with @deprecated to avoid accidental reuse

The three StakeDelayed* events are retained but unused. Emitting them elsewhere by mistake would silently revive dead semantics.
Consider:

-/// @notice DEPRECATED Emitted when a juror's stake is delayed and tokens are not transferred yet.
+/// @deprecated Replaced by `StakeDelayed`. Kept for ABI compatibility with historic logs.

Doing so on all three legacy events keeps the ABI unchanged while signalling that integrators should subscribe only to StakeDelayed.

---

242-253: Guard against zero-iteration calls in executeDelayedStakes

Passing _iterations == 0 wastes gas and returns silently. A tiny require improves UX and prevents accidental no-op transactions:

 function executeDelayedStakes(uint256 _iterations) external {
     require(phase == Phase.staking, "Should be in Staking phase.");
     require(delayedStakeWriteIndex >= delayedStakeReadIndex, "No delayed stake to execute.");
+    require(_iterations > 0, "Iterations must be > 0");

---

411-423: Minor polish for withdrawLeftoverPNK

1. The function is callable by anyone for any _account, which is harmless but unusual.
   If the goal is to let third parties “dust-sweep” for jurors, document this explicitly; otherwise consider require(msg.sender == _account, "Only juror");.

2. Replace the if / else { revert(...) } pattern with a single require to save gas and keep style consistent:

-function withdrawLeftoverPNK(address _account) external override {
+function withdrawLeftoverPNK(address _account) external override {
     Juror storage juror = jurors[_account];
-    if (juror.stakedPnk > 0 && juror.courtIDs.length == 0 && juror.lockedPnk == 0) {
-        ...
-    } else {
-        revert("Not eligible for withdrawal.");
-    }
+    require(
+        juror.stakedPnk > 0 && juror.courtIDs.length == 0 && juror.lockedPnk == 0,
+        "Not eligible for withdrawal"
+    );
+    ...
 }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1ca9066 and d876e24.

📒 Files selected for processing (7)

• contracts/src/arbitration/KlerosCoreBase.sol (4 hunks)
• contracts/src/arbitration/SortitionModuleBase.sol (8 hunks)
• contracts/src/arbitration/SortitionModuleNeo.sol (2 hunks)
• contracts/src/arbitration/dispute-kits/DisputeKitClassicBase.sol (2 hunks)
• contracts/src/arbitration/interfaces/ISortitionModule.sol (2 hunks)
• contracts/src/arbitration/university/SortitionModuleUniversity.sol (2 hunks)
• contracts/test/foundry/KlerosCore.t.sol (10 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (3)

• GitHub Check: Analyze (javascript)
• GitHub Check: SonarCloud
• GitHub Check: contracts-testing

🔇 Additional comments (9)

contracts/src/arbitration/dispute-kits/DisputeKitClassicBase.sol (1)

609-630: Simplified juror eligibility check improves code clarity

The _postDrawCheck function has been simplified to only check if the juror has already been drawn when singleDrawPerJuror is enabled, removing previous stake sufficiency checks. This aligns with the broader refactoring to simplify staking logic across the arbitration system.

contracts/src/arbitration/interfaces/ISortitionModule.sol (2)

30-34: Enhanced penalty accounting with detailed return values

The updated return signature for penalizeStake now provides more detailed information by returning both the juror's updated PNK balance and the actual penalty applied. This change enables more precise accounting of penalties in the core arbitration contract.

---

52-53: New function for withdrawing leftover PNK tokens

This new function enables jurors to withdraw any remaining PNK tokens after fully unstaking and clearing their locked tokens, improving the user experience by ensuring no funds are trapped in the contract.

contracts/src/arbitration/SortitionModuleNeo.sol (3)

87-92: Properly marking deprecated parameter

The _alreadyTransferred parameter has been marked as unused with a comment, clearly indicating its deprecation as part of removing instant staking functionality.

---

97-104: Simplified conditional logic for stake increases

The conditional logic has been streamlined to only check maximum stake limits when the stake is being increased, making the code more focused and easier to understand.

---

112-117: Explicit handling of deprecated parameter

The code now explicitly passes false for the deprecated _alreadyTransferred parameter with a clarifying comment, ensuring proper handling while maintaining compatibility with the base contract.

contracts/src/arbitration/KlerosCoreBase.sol (1)

789-803: Double-unlock edge case: verify that unlocked but un-penalised PNK cannot be withdrawn

The flow is:

1. unlockStake(account, penalty);
2. penalizeStake(account, penalty) → returns availablePenalty (may be < penalty).

If the juror’s locked stake is smaller than penalty, the surplus tokens get unlocked in step 1 but are not slashed in step 2, letting the juror immediately withdraw them-–potentially rewarding under-collateralised behaviour.

Please confirm that sortitionModule.unlockStake prevents unlocking more than currently locked or that penalizeStake internally adjusts the unlocked amount. If not, swap the order (penalise first, then unlock the actual availablePenalty) or unlock only availablePenalty.

contracts/src/arbitration/SortitionModuleBase.sol (2)

327-334: Double-check tree consistency when withdrawals are limited by locked PNK

If lockedPnk prevents a full withdrawal, pnkWithdrawal is trimmed but _newStake remains unchanged.
This deliberately produces “left-over” PNK that can later be withdrawn via withdrawLeftoverPNK, so it may be correct by design.
However, it temporarily breaks the invariant juror.stakedPnk == Σ(tree stakes) until the leftover is withdrawn.

Please verify that all downstream logic (drawing, penalties, etc.) tolerates this mismatch; otherwise consider updating _newStake after trimming:

-    // _newStake is still the user-requested target (might be < effective stake)
+    // Align stake recorded in the tree with the actual post-withdrawal amount.
+    _newStake = currentStake - pnkWithdrawal;

---

372-389: Potential invariant break: lockedPnk can exceed stakedPnk after penalties

penalizeStake reduces stakedPnk but never touches lockedPnk.
If lockedPnk > stakedPnk afterwards, subsequent calls to unlockStake could underflow or leave stakedPnk negative in intent (though uint256 prevents it).

Please confirm that lockedPnk ≤ stakedPnk is not relied upon elsewhere (e.g., when drawing, displaying balances, or executing further penalties).
An inexpensive safeguard could be:

assert(juror.stakedPnk >= juror.lockedPnk);

or clamping the penalty to stakedPnk - lockedPnk.

[coderabbitai]

🛠️ Refactor suggestion

Emit an event for PNK moved via transferBySortitionModule

transferBySortitionModule performs an external token transfer but leaves no on-chain trace inside Core.
For transparency, accounting and easier off-chain indexing, emit a lightweight event such as:

+ event SortitionPNKTransfer(address indexed account, uint256 amount);
...
 function transferBySortitionModule(address _account, uint256 _amount) external {
     if (msg.sender != address(sortitionModule)) revert SortitionModuleOnly();
     pinakion.safeTransfer(_account, _amount);
+    emit SortitionPNKTransfer(_account, _amount);
 }

This incurs negligible gas yet gives jurors and auditors full visibility.

🤖 Prompt for AI Agents

In contracts/src/arbitration/KlerosCoreBase.sol around lines 483 to 490, the
function transferBySortitionModule transfers PNK tokens without emitting any
event, which reduces transparency and traceability. Add an event declaration for
PNK transfers by the SortitionModule and emit this event inside the function
after the safeTransfer call, including the recipient address and the amount
transferred to provide on-chain visibility and facilitate off-chain indexing.

[netlify]

✅ Deploy Preview for kleros-v2-testnet ready!

Name	Link
🔨 Latest commit	d876e24
🔍 Latest deploy log	https://app.netlify.com/projects/kleros-v2-testnet/deploys/682c89cf1f88ed000821571a
😎 Deploy Preview	https://deploy-preview-2004--kleros-v2-testnet.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

❌ Deploy Preview for kleros-v2-university failed. Why did it fail? →

Name	Link
🔨 Latest commit	d876e24
🔍 Latest deploy log	https://app.netlify.com/projects/kleros-v2-university/deploys/682c89cf5ca5a000096b7876

[netlify]

✅ Deploy Preview for kleros-v2-testnet-devtools ready!

Name	Link
🔨 Latest commit	d876e24
🔍 Latest deploy log	https://app.netlify.com/projects/kleros-v2-testnet-devtools/deploys/682c89cf79a681000842cae7
😎 Deploy Preview	https://deploy-preview-2004--kleros-v2-testnet-devtools.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for kleros-v2-neo ready!

Name	Link
🔨 Latest commit	d876e24
🔍 Latest deploy log	https://app.netlify.com/projects/kleros-v2-neo/deploys/682c89cfe5bdf80008915472
😎 Deploy Preview	https://deploy-preview-2004--kleros-v2-neo.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.