|
|
|
|
@ -95,18 +95,6 @@ rule sequentialBurnsEquivalentToSingleBurnOfSum { |
|
|
|
|
"Sequential burns must be equivalent to a burn of their sum"; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/// This rule not needed (because multipleTokenBurnBurnBatchEquivalence) |
|
|
|
|
/// Unimplemented rule to verify additivty of burnBatch. |
|
|
|
|
/// Using only burnBatch, possible approach: |
|
|
|
|
/// Token with first and second burn amounts |
|
|
|
|
/// Round one two sequential burns in separate transactions |
|
|
|
|
/// Round two two sequential burns in the same transaction |
|
|
|
|
/// Round three one burn of sum |
|
|
|
|
rule sequentialBatchBurnsEquivalentToSingleBurnBatchOfSum { // TODO implement rule or remove |
|
|
|
|
assert false, |
|
|
|
|
"TODO just a placeholder that should always show up until rule is implemented"; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/// The result of burning a single token must be equivalent whether done via |
|
|
|
|
/// burn or burnBatch. |
|
|
|
|
rule singleTokenBurnBurnBatchEquivalence { |
|
|
|
|
@ -145,8 +133,6 @@ rule multipleTokenBurnBurnBatchEquivalence { |
|
|
|
|
uint256 burnAmountA; uint256 burnAmountB; uint256 burnAmountC; |
|
|
|
|
uint256[] tokens; uint256[] burnAmounts; |
|
|
|
|
|
|
|
|
|
// require tokenA != tokenB; require tokenB != tokenC; require tokenC != tokenA; |
|
|
|
|
|
|
|
|
|
mathint startingBalanceA = balanceOf(holder, tokenA); |
|
|
|
|
mathint startingBalanceB = balanceOf(holder, tokenB); |
|
|
|
|
mathint startingBalanceC = balanceOf(holder, tokenC); |
|
|
|
|
@ -176,13 +162,30 @@ rule multipleTokenBurnBurnBatchEquivalence { |
|
|
|
|
"Burning multiple tokens via burn or burnBatch must be equivalent"; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/// possible rule: |
|
|
|
|
/// like singleTokenBurnBurnBatchEquivalence but for no operation |
|
|
|
|
/// i.e. burnBatch on empty arrays does nothing |
|
|
|
|
/// If passed empty token and burn amount arrays, burnBatch must not change |
|
|
|
|
/// token balances or address permissions. |
|
|
|
|
rule burnBatchOnEmptyArraysChangesNothing { |
|
|
|
|
env e; |
|
|
|
|
|
|
|
|
|
/// skip frontrunning because |
|
|
|
|
/// (1) needing to filter a ton of rules for f |
|
|
|
|
/// (2) frontrunning before burning isn't a likely issue |
|
|
|
|
address holder; uint256 token; |
|
|
|
|
address nonHolderA; address nonHolderB; |
|
|
|
|
uint256 startingBalance = balanceOf(holder, token); |
|
|
|
|
bool startingPermissionNonHolderA = isApprovedForAll(holder, nonHolderA); |
|
|
|
|
bool startingPermissionNonHolderB = isApprovedForAll(holder, nonHolderB); |
|
|
|
|
uint256[] noTokens; uint256[] noBurnAmounts; |
|
|
|
|
require noTokens.length == 0; require noBurnAmounts.length == 0; |
|
|
|
|
|
|
|
|
|
burnBatch(e, holder, noTokens, noBurnAmounts); |
|
|
|
|
uint256 endingBalance = balanceOf(holder, token); |
|
|
|
|
bool endingPermissionNonHolderA = isApprovedForAll(holder, nonHolderA); |
|
|
|
|
bool endingPermissionNonHolderB = isApprovedForAll(holder, nonHolderB); |
|
|
|
|
|
|
|
|
|
assert startingBalance == endingBalance, |
|
|
|
|
"burnBatch must not change token balances if passed empty arrays"; |
|
|
|
|
assert startingPermissionNonHolderA == endingPermissionNonHolderA |
|
|
|
|
&& startingPermissionNonHolderB == endingPermissionNonHolderB, |
|
|
|
|
"burnBatch must not change account permissions if passed empty arrays"; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/// This rule should always fail. |
|
|
|
|
rule sanity { |
|
|
|
|
|
Thomas Adams
3 years ago