The ERC900 standard doesn’t define what can happen once someone has staked their tokens. Some use cases need to be able to slash users’ tokens depending on the outcome of certain actions. A lot of interesting applications for staking tokens are built on the fact that a part or the totality of one’s tokens could potentially be lost if they were to act in a malicious way. For example, in the case of the Agreement app, proposed actions can be challenged and depending on how the challenge is resolved, the user could lose their staked collateral.
This Staking contract achieves this by adding locks on top of staked balances. A user can designate multiple lock managers, which can be either a contract or an externally-owned account, and a maximum allowance for each manager. Managers are able to lock up to that allowed amount of tokens, and to unlock them too. While tokens are locked, the original owner cannot unstake nor transfer them, and the lock manager is given permission to transfer those tokens: to another user’s lock, to the staked balance of another user, or to an external account. Note that the lock managers' allowance does not work as ERC20 approvals, these are not decreased every time a lock is created or increased.
If the manager is a contract, it must implement the canUnlock method, where certain conditions can be specified to allow the owner to re-gain control of the tokens. A common use case would be a time-based lock manager, that would lock tokens only for a defined period of time, and once the period is over, the user would be able to unlock and unstake their tokens.