|
|
|
|
@ -1,4 +1,34 @@ |
|
|
|
|
|
|
|
|
|
methods { |
|
|
|
|
totalSupply(uint256) returns uint256 envfree |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/// given two different token ids, if totalSupply for one changes, then |
|
|
|
|
/// totalSupply for other should not |
|
|
|
|
rule token_totalSupply_independence(method f) |
|
|
|
|
filtered { |
|
|
|
|
f -> f.selector != _burnBatch(address,uint256[],uint256[]).selector |
|
|
|
|
&& f.selector != _mintBatch(address,uint256[],uint256[],bytes).selector |
|
|
|
|
&& f.selector != safeBatchTransferFrom(address,address,uint256[],uint256[],bytes).selector |
|
|
|
|
} |
|
|
|
|
{ |
|
|
|
|
uint256 token1; uint256 token2; |
|
|
|
|
require token1 != token2; |
|
|
|
|
|
|
|
|
|
uint256 token1_before = totalSupply(token1); |
|
|
|
|
uint256 token2_before = totalSupply(token2); |
|
|
|
|
|
|
|
|
|
env e; calldataarg args; |
|
|
|
|
f(e, args); |
|
|
|
|
|
|
|
|
|
uint256 token1_after = totalSupply(token1); |
|
|
|
|
uint256 token2_after = totalSupply(token2); |
|
|
|
|
|
|
|
|
|
assert token1_after != token1_before => token2_after == token2_before, |
|
|
|
|
"methods must not change the total supply of more than one token"; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
rule sanity { |
|
|
|
|
method f; env e; calldataarg args; |
|
|
|
|
|
|
|
|
|
|
Michael George
3 years ago