diff --git a/certora/scripts/verifyAll.sh b/certora/scripts/verifyAll.sh index 90d76912c..4e04714bb 100644 --- a/certora/scripts/verifyAll.sh +++ b/certora/scripts/verifyAll.sh @@ -2,6 +2,8 @@ make -C certora munged + + for contract in certora/harnesses/Wizard*.sol; do for spec in certora/specs/*.spec; @@ -37,3 +39,4 @@ do fi done done + diff --git a/certora/scripts/verifyAll2.sh b/certora/scripts/verifyAll2.sh new file mode 100644 index 000000000..43c73e477 --- /dev/null +++ b/certora/scripts/verifyAll2.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +make -C certora munged + +sh certora/scripts/verifyAllSasha +sh certora/scripts/verifyERC20Votes.sh "checking ERC20Votes.spec on ERC20Votes.sol" +sh certora/scripts/verifyERC721Votes.sh "checking ERC721Votes.spec on draft-ERC721Votes.sol and Votes.sol" \ No newline at end of file diff --git a/certora/scripts/verifyERC20Votes.sh b/certora/scripts/verifyERC20Votes.sh index 22766e175..8bc5ed9fc 100644 --- a/certora/scripts/verifyERC20Votes.sh +++ b/certora/scripts/verifyERC20Votes.sh @@ -17,8 +17,9 @@ certoraRun \ certora/harnesses/ERC20VotesHarness.sol \ --verify ERC20VotesHarness:certora/specs/ERC20Votes.spec \ --solc solc8.2 \ + --disableLocalTypeChecking \ --optimistic_loop \ - --loop_iter 4 \ + --settings -copyLoopUnroll=4 \ + --send_only \ --staging "alex/new-dt-hashing-alpha" \ --msg "${msg}" \ - --rule_sanity diff --git a/certora/scripts/verifyERC721Votes.sh b/certora/scripts/verifyERC721Votes.sh index cb23c2c64..2f089b1c2 100644 --- a/certora/scripts/verifyERC721Votes.sh +++ b/certora/scripts/verifyERC721Votes.sh @@ -18,8 +18,9 @@ certoraRun \ certora/munged/utils/Checkpoints.sol \ --verify ERC721VotesHarness:certora/specs/ERC721Votes.spec \ --solc solc8.2 \ + --disableLocalTypeChecking \ --optimistic_loop \ - --loop_iter 4 \ + --settings -copyLoopUnroll=4 \ + --send_only \ --staging "alex/new-dt-hashing-alpha" \ - --msg "${msg}" \ - # --rule_sanity \ No newline at end of file + --msg "${msg}" \ \ No newline at end of file diff --git a/certora/specs/ERC20Votes.spec b/certora/specs/ERC20Votes.spec index d24e400b8..147587d83 100644 --- a/certora/specs/ERC20Votes.spec +++ b/certora/specs/ERC20Votes.spec @@ -27,7 +27,9 @@ methods { } // gets the most recent votes for a user -ghost userVotes(address) returns uint224; +ghost userVotes(address) returns uint224 { + init_state axiom forall address a. userVotes(a) == 0; +} // sums the total votes for all users ghost totalVotes() returns mathint { @@ -80,17 +82,22 @@ invariant sanity_invariant() totalSupply() >= 0 // sum of user balances is >= total amount of delegated votes -// blocked by tool error +// fails on burn. This is because burn does not remove votes from the users invariant votes_solvency() to_mathint(totalSupply()) >= totalVotes() { preserved with(env e) { require forall address account. numCheckpoints(account) < 1000000; - requireInvariant totalVotes_sums_accounts(); + // requireInvariant totalVotes_sums_accounts(); } } -invariant totalVotes_sums_accounts() - forall address a. forall address b. (a != b && a != 0x0 && b != 0x0) => totalVotes() >= getVotes(delegates(a)) + getVotes(delegates(b)) +// invariant totalVotes_sums_accounts() +// forall address a. forall address b. (a != b && a != 0x0 && b != 0x0) => totalVotes() >= getVotes(delegates(a)) + getVotes(delegates(b)) +// invariant totalVotes_sums_accounts() +// forall address a. forall address b. (a != b) => totalVotes() >= userVotes(a) + userVotes(b) +// { preserved { +// require forall address account. numCheckpoints(account) < 1000000; +// }} // for some checkpoint, the fromBlock is less than the current block number diff --git a/certora/specs/ERC721Votes.spec b/certora/specs/ERC721Votes.spec index e53fdb9e4..670f1fd59 100644 --- a/certora/specs/ERC721Votes.spec +++ b/certora/specs/ERC721Votes.spec @@ -31,7 +31,9 @@ methods { } // gets the most recent votes for a user -ghost userVotes(address) returns uint224; +ghost userVotes(address) returns uint224{ + init_state axiom forall address a. userVotes(a) == 0; +} // sums the total votes for all users ghost totalVotes() returns mathint { @@ -82,11 +84,11 @@ invariant votes_solvency() to_mathint(totalSupply()) >= totalVotes() { preserved with(env e) { require forall address account. numCheckpoints(account) < 1000000; - requireInvariant totalVotes_sums_accounts(); + // requireInvariant totalVotes_sums_accounts(); } } -invariant totalVotes_sums_accounts() - forall address a. forall address b. (a != b && a != 0x0 && b != 0x0) => totalVotes() >= getVotes(delegates(a)) + getVotes(delegates(b)) +// invariant totalVotes_sums_accounts() +// forall address a. forall address b. (a != b && a != 0x0 && b != 0x0) => totalVotes() >= getVotes(delegates(a)) + getVotes(delegates(b)) // for some checkpoint, the fromBlock is less than the current block number