|
|
|
|
@ -3,9 +3,9 @@ methods { |
|
|
|
|
isApprovedForAll(address,address) returns bool envfree |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/// If a method call reduces account balances, the caller should be either the |
|
|
|
|
/// owner of the account or approved by the owner to act on its behalf. |
|
|
|
|
rule onlyApprovedCanReduceBalance { |
|
|
|
|
/// If a method call reduces account balances, the caller must be either the |
|
|
|
|
/// owner of the account or approved by the owner to act on the owner's behalf. |
|
|
|
|
rule onlyHolderOrApprovedCanReduceBalance { |
|
|
|
|
address holder; uint256 token; uint256 amount; |
|
|
|
|
uint256 balanceBefore = balanceOf(holder, token); |
|
|
|
|
|
|
|
|
|
@ -14,7 +14,8 @@ rule onlyApprovedCanReduceBalance { |
|
|
|
|
|
|
|
|
|
uint256 balanceAfter = balanceOf(holder, token); |
|
|
|
|
|
|
|
|
|
assert balanceAfter < balanceBefore => e.msg.sender == holder || isApprovedForAll(holder, e.msg.sender); // TODO add assert message |
|
|
|
|
assert balanceAfter < balanceBefore => e.msg.sender == holder || isApprovedForAll(holder, e.msg.sender), |
|
|
|
|
"An account balance may only be reduced by the holder or a holder-approved agent"; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/// This rule should always fail. |
|
|
|
|
|
Thomas Adams
3 years ago