mirror
/
openzeppelin-contracts
mirror of https://github.com/OpenZeppelin/openzeppelin-contracts
2
1
Fork 1
Code Issues Releases Wiki Activity

ghosts and invariant unfinished

Browse Source
pull/2997/head
Michael M 3 years ago
parent c819e0b063
commit 34cb4bdc9c
1 changed files with 33 additions and 13 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 46
      certora/specs/GovernorBase.spec

46
certora/specs/GovernorBase.spec
Unescape View File

@ -1,4 +1,6 @@
// Governor.sol base definitions
//////////////////////////////////////////////////////////////////////////////
///////////////////// Governor.sol base definitions //////////////////////////
//////////////////////////////////////////////////////////////////////////////
methods {
proposalSnapshot(uint256) returns uint256 envfree // matches proposalVoteStart
proposalDeadline(uint256) returns uint256 envfree
@ -14,8 +16,24 @@ methods {
// internal functions made public in harness:
_quorumReached(uint256) returns bool envfree
_voteSucceeded(uint256) returns bool envfree
// getter for checking the sums
counter_vote_power_by_id(uint256) returns uint256 envfree
ghost_vote_power_by_id(uint256) returns uint256 envfree
counted_weight(uint256) returns uint256 envfree
}
//////////////////////////////////////////////////////////////////////////////
///////////////////////////////// GHOSTS /////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////
ghost vote_power_ghost() returns uint256;
hook Sstore ghost_vote_power_by_id[KEY uint256 pId] uint256 current_power STORAGE{
havoc vote_power_ghost assuming vote_power_ghost@new() == vote_power_ghost@old() + current_power;
}
//////////////////////////////////////////////////////////////////////////////
////////////////////////////// INVARIANTS ////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////
@ -38,18 +56,21 @@ invariant voteStartBeforeVoteEnd(uint256 pId)
/**
* A proposal cannot be both executed and canceled.
*/
invariant noBothExecutedAndCanceled(uint256 pId) !isExecuted(pId) || !isCanceled(pId)
invariant noBothExecutedAndCanceled(uint256 pId)
!isExecuted(pId) || !isCanceled(pId)
/**
* A proposal cannot be neither executed nor canceled before it starts
*/
invariant noExecuteOrCancelBeforeStarting(env e, uint256 pId) e.block.number < proposalSnapshot(pId)
=> !isExecuted(pId) && !isCanceled(pId)
invariant noExecuteOrCancelBeforeStarting(env e, uint256 pId)
e.block.number < proposalSnapshot(pId)
=> !isExecuted(pId) && !isCanceled(pId)
/**
* A proposal could be executed only if quorum was reached and vote succeeded
*/
invariant executionOnlyIfQuoromReachedAndVoteSucceeded(uint256 pId) isExecuted(pId) => _quorumReached(pId) && _voteSucceeded(pId)
invariant executionOnlyIfQuoromReachedAndVoteSucceeded(uint256 pId)
isExecuted(pId) => _quorumReached(pId) && _voteSucceeded(pId)
/*
* No functions should be allowed to run after a job is deemed as canceled
@ -69,7 +90,13 @@ invariant cannotSetIfExecuted(uint256 pId)
}
}
/*
* sum of all votes casted is equal to the sum of voting power of those who voted
*/
invariant SumOfVotesCastEqualSumOfPowerOfVoted(uint256 pId)
counted_weight(pId) == counter_vote_power_by_id(pId) &&
counted_weight(pId) == vote_power_ghost &&
counter_vote_power_by_id(pId) == vote_power_ghost
//////////////////////////////////////////////////////////////////////////////
/////////////////////////////////// RULES ////////////////////////////////////
@ -149,10 +176,3 @@ rule doubleVoting(uint256 pId, uint8 sup) {
assert reverted, "double voting accured";
}
/**
*
*/
rule votingSumAndPower(uint256 pId, uint8 sup, method f) {
}

Write Preview
Loading…
Cancel
Save