fix: ensure delegations are always slashable (OZ H-02)

Signed-off-by: Tomás Migone <[email protected]>

Author: tmigone

packages/subgraph-service/contracts/DisputeManager.sol

@@ -677,15 +677,16 @@ contract DisputeManager is
      * - Thawing stake is not excluded from the snapshot.
      * - Delegators stake is capped at the delegation ratio to prevent delegators from inflating the snapshot
      *   to increase the indexer slash amount.
+     *
+     * Note that the snapshot can be inflated by delegators front-running the dispute creation with a delegation
+     * to the indexer. Given the snapshot is a cap, the dispute outcome is uncertain and considering the cost of capital
+     * and slashing risk, this is not a concern.
      * @param _indexer Indexer address
      * @param _indexerStake Indexer's stake
      * @return Total stake snapshot
      */
     function _getStakeSnapshot(address _indexer, uint256 _indexerStake) private view returns (uint256) {
-        ISubgraphService subgraphService_ = _getSubgraphService();
-        uint256 delegatorsStake = _graphStaking().getDelegationPool(_indexer, address(subgraphService_)).tokens;
-        uint256 delegatorsStakeMax = _indexerStake * uint256(subgraphService_.getDelegationRatio());
-        uint256 stakeSnapshot = _indexerStake + MathUtils.min(delegatorsStake, delegatorsStakeMax);
-        return stakeSnapshot;
+        uint256 delegatorsStake = _graphStaking().getDelegationPool(_indexer, address(_getSubgraphService())).tokens;
+        return _indexerStake + delegatorsStake;
     }
 }

packages/subgraph-service/test/disputeManager/disputes/indexing/create.t.sol

@@ -16,6 +16,30 @@ contract DisputeManagerIndexingCreateDisputeTest is DisputeManagerTest {
         _createIndexingDispute(allocationID, bytes32("POI1"));
     }
 
+    function test_Indexing_Create_Dispute_WithDelegation(uint256 tokens, uint256 delegationTokens) public useIndexer {
+        vm.assume(tokens >= minimumProvisionTokens);
+        vm.assume(tokens < 100_000_000 ether); // set a low cap to test overdelegation
+        _createProvision(users.indexer, tokens, fishermanRewardPercentage, disputePeriod);
+        _register(users.indexer, abi.encode("url", "geoHash", address(0)));
+        bytes memory data = _createSubgraphAllocationData(
+            users.indexer,
+            subgraphDeployment,
+            allocationIDPrivateKey,
+            tokens
+        );
+        _startService(users.indexer, data);
+
+        uint256 delegationRatio = subgraphService.getDelegationRatio();
+        delegationTokens = bound(delegationTokens, 1e18, tokens * delegationRatio * 2); // make sure we have overdelegation
+
+        resetPrank(users.delegator);
+        token.approve(address(staking), delegationTokens);
+        staking.delegate(users.indexer, address(subgraphService), delegationTokens, 0);
+
+        resetPrank(users.fisherman);
+        _createIndexingDispute(allocationID, bytes32("POI1"));
+    }
+
     function test_Indexing_Create_Dispute_RevertWhen_SubgraphServiceNotSet(
         uint256 tokens
     ) public useIndexer useAllocation(tokens) {

packages/subgraph-service/test/shared/SubgraphServiceShared.t.sol

@@ -187,6 +187,10 @@ abstract contract SubgraphServiceSharedTest is HorizonStakingSharedTest {
         staking.delegate(users.indexer, address(subgraphService), tokens, 0);
     }
 
+    function _calculateStakeSnapshot(uint256 _tokens, uint256 _tokensDelegated) internal view returns (uint256) {
+        return _tokens + _tokensDelegated;
+    }
+
     /*
      * PRIVATE FUNCTIONS
      */