Skip to content

Commit

Permalink
refactor(certora): move rule about MP not greater than max MP into own
Browse files Browse the repository at this point in the history 
spec

This is necessary because we need to run this rule on a custom config to
avoid timeouts.
  • Loading branch information
@0x-r4bbit
0x-r4bbit committed Oct 8, 2024
1 parent da6cac4 commit 44be126
Show file tree
Hide file tree
Showing 6 changed files with 64 additions and 15 deletions.
1 change: 1 addition & 0 deletions .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -173,3 +173,4 @@ jobs:
- verify:stake_manager
- verify:stake_manager_process
- verify:stake_manager_start_migration
- verify:max_mp_rule
30 changes: 30 additions & 0 deletions certora/confs/MaxMPRule.conf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
{
"files": [
"contracts/StakeManager.sol",
"certora/helpers/StakeRewardEstimateA.sol",
"certora/helpers/ERC20A.sol"
],
"global_timeout": "7200",
"link": [
"StakeManager:stakedToken=ERC20A",
"StakeManager:stakeRewardEstimate=StakeRewardEstimateA"
],
"loop_iter": "3",
"msg": "Z3 random seeds",
"optimistic_loop": true,
"packages": [
"forge-std=lib/forge-std/src",
"@openzeppelin=lib/openzeppelin-contracts"
],
"process": "emv",
"prover_args": [
" -s [z3:def{randomSeed=1},z3:def{randomSeed=2},z3:def{randomSeed=3},z3:def{randomSeed=4},z3:def{randomSeed=5},z3:def{randomSeed=6},z3:def{randomSeed=7},z3:def{randomSeed=8},z3:def{randomSeed=9},z3:def{randomSeed=10}]"
],
"rule": [
"MPcantBeGreaterThanMaxMP"
],
"smt_timeout": "7200",
"verify": "StakeManager:certora/specs/MaxMPRule.spec"
}


17 changes: 17 additions & 0 deletions certora/specs/MaxMPRule.spec
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
import "./shared.spec";

methods {
function accounts(address) external returns(address, uint256, uint256, uint256, uint256, uint256, uint256, uint256) envfree;
}

invariant MPcantBeGreaterThanMaxMP(address addr)
to_mathint(getAccountCurrentMultiplierPoints(addr)) <= (getAccountBalance(addr) * 8) + getAccountBonusMultiplierPoints(addr)
filtered {
f -> f.selector != sig:migrateFrom(address,bool,StakeManager.Account).selector
}
{ preserved {
requireInvariant InitialMPIsNeverSmallerThanBalance(addr);
requireInvariant CurrentMPIsNeverSmallerThanInitialMP(addr);
}
}

19 changes: 4 additions & 15 deletions certora/specs/StakeManager.spec
View file
Original file line number Diff line number Diff line change
Expand Up @@ -85,29 +85,18 @@ invariant highEpochsAreNull(uint256 epochNumber)
m -> !requiresPreviousManager(m) && !requiresNextManager(m)
}

invariant InitialMPIsNeverSmallerThanBalance(address addr)
to_mathint(getAccountBonusMultiplierPoints(addr)) >= to_mathint(getAccountBalance(addr))
invariant accountBonusMPIsZeroIfBalanceIsZero(address addr)
to_mathint(getAccountBalance(addr)) == 0 => to_mathint(getAccountBonusMultiplierPoints(addr)) == 0
filtered {
f -> f.selector != sig:migrateFrom(address,bool,StakeManager.Account).selector
}

invariant CurrentMPIsNeverSmallerThanInitialMP(address addr)
to_mathint(getAccountCurrentMultiplierPoints(addr)) >= to_mathint(getAccountBonusMultiplierPoints(addr))
invariant accountMPIsZeroIfBalanceIsZero(address addr)
to_mathint(getAccountBalance(addr)) == 0 => to_mathint(getAccountCurrentMultiplierPoints(addr)) == 0
filtered {
f -> f.selector != sig:migrateFrom(address,bool,StakeManager.Account).selector
}

invariant MPcantBeGreaterThanMaxMP(address addr)
to_mathint(getAccountCurrentMultiplierPoints(addr)) <= (getAccountBalance(addr) * 8) + getAccountBonusMultiplierPoints(addr)
filtered {
f -> f.selector != sig:migrateFrom(address,bool,StakeManager.Account).selector
}
{ preserved {
requireInvariant InitialMPIsNeverSmallerThanBalance(addr);
requireInvariant CurrentMPIsNeverSmallerThanInitialMP(addr);
}
}

rule reachability(method f)
{
calldataarg args;
Expand Down
11 changes: 11 additions & 0 deletions certora/specs/shared.spec
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,4 +39,15 @@ function getAccountLockUntil(address addr) returns uint256 {
return lockUntil;
}

invariant InitialMPIsNeverSmallerThanBalance(address addr)
to_mathint(getAccountBonusMultiplierPoints(addr)) >= to_mathint(getAccountBalance(addr))
filtered {
f -> f.selector != sig:_stakeManager.migrateFrom(address,bool,StakeManager.Account).selector
}

invariant CurrentMPIsNeverSmallerThanInitialMP(address addr)
to_mathint(getAccountCurrentMultiplierPoints(addr)) >= to_mathint(getAccountBonusMultiplierPoints(addr))
filtered {
f -> f.selector != sig:_stakeManager.migrateFrom(address,bool,StakeManager.Account).selector
}

1 change: 1 addition & 0 deletions package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@
"verify:stake_manager": "certoraRun certora/confs/StakeManager.conf",
"verify:stake_manager_start_migration": "certoraRun certora/confs/StakeManagerStartMigration.conf",
"verify:stake_manager_process": "certoraRun certora/confs/StakeManagerProcess.conf",
"verify:max_mp_rule": "certoraRun certora/confs/MaxMPRule.conf",
"release": "commit-and-tag-version",
"adorno": "pnpm prettier:write && forge fmt && pnpm gas-report"
},
Expand Down

0 comments on commit 44be126

Please sign in to comment.