wrapper and timelockController cleaning

3 years ago · a35ad6dfc3
parent 5153c462d5
commit a35ad6dfc3
5 changed files with 18 additions and 32 deletions
--- a/certora/munged/token/ERC20/extensions/ERC20FlashMint.sol
+++ b/certora/munged/token/ERC20/extensions/ERC20FlashMint.sol
@ -72,7 +72,7 @@ abstract contract ERC20FlashMint is ERC20, IERC3156FlashLender {
        uint256 fee = flashFee(token, amount);
        _mint(address(receiver), amount);
        require(
-            receiver.onFlashLoan(msg.sender, token, amount, fee, data) == _RETURN_VALUE,        // HAVOC_ALL
+            receiver.onFlashLoan(msg.sender, token, amount, fee, data) == _RETURN_VALUE,
            "ERC20FlashMint: invalid return value"
        );
        uint256 currentAllowance = allowance(address(receiver), address(this));
--- a/certora/scripts/verifyERC20FlashMint.sh
+++ b/certora/scripts/verifyERC20FlashMint.sh
@ -6,5 +6,5 @@ certoraRun \
    --optimistic_loop \
    --staging \
    --rule_sanity \
-    --msg "letsWatchItBurns"
+    --msg "flashMint"
    
--- a/certora/scripts/verifyERC20Wrapper.sh
+++ b/certora/scripts/verifyERC20Wrapper.sh
@ -6,5 +6,5 @@ certoraRun \
    --optimistic_loop \
    --staging \
    --rule_sanity \
-    --msg "all check"
+    --msg "wrapper spec sanity check fixes"
    
--- a/certora/specs/ERC20Wrapper.spec
+++ b/certora/specs/ERC20Wrapper.spec
@ -19,24 +19,22 @@ invariant whatAboutTotal(env e)
    {
        preserved {
            require underlyingBalanceOf(currentContract) <= underlyingTotalSupply();
-            require underlying() != currentContract;
        }
        preserved depositFor(address account, uint256 amount) with (env e2){
-            require underlyingBalanceOf(currentContract) <= underlyingTotalSupply();
            require totalSupply(e) + amount <= underlyingTotalSupply();
-            require underlying() != currentContract;
        }
    }


-// STATUS - in progress
-// https://vaas-stg.certora.com/output/3106/a5f4943cd2987dccab94/?anonymousKey=9428fb1588845c0222c2abe5b00dedd59c925870
+// STATUS - verified
 // totalsupply of wrapped should be less than or equal to the underlying balanceOf contract (assuming no external transfer) - solvency
 invariant underTotalAndContractBalanceOfCorrelation(env e)
    totalSupply(e) <= underlyingBalanceOf(currentContract)
    {
-        preserved {
+        preserved with (env e2) {
            require underlying() != currentContract;
+            require e.msg.sender != currentContract;
+            require e.msg.sender == e2.msg.sender;
        }
    }

@ -65,10 +63,12 @@ rule depositForSpecBasic(env e){
 }


+// STATUS - verified
+// check correct values update by depositFor()
 rule depositForSpecWrapper(env e){
    address account; uint256 amount;

-    require e.msg.sender != currentContract;
+    // require e.msg.sender != currentContract;
    require underlying() != currentContract;

    uint256 wrapperUserBalanceBefore = balanceOf(e, account);
@ -87,6 +87,8 @@ rule depositForSpecWrapper(env e){
 }


+// STATUS - verified
+// check correct values update by depositFor()
 rule depositForSpecUnderlying(env e){
    address account; uint256 amount;

@ -118,7 +120,6 @@ rule depositForSpecUnderlying(env e){
 rule withdrawToSpecBasic(env e){
    address account; uint256 amount;

-    require e.msg.sender != currentContract;
    require underlying() != currentContract;

    uint256 wrapperTotalBefore = totalSupply(e);
@ -134,10 +135,11 @@ rule withdrawToSpecBasic(env e){
 }


+// STATUS - verified
+// check correct values update by withdrawTo()
 rule withdrawToSpecWrapper(env e){
    address account; uint256 amount;

-    require e.msg.sender != currentContract;
    require underlying() != currentContract;

    uint256 wrapperUserBalanceBefore = balanceOf(e, account);
@ -156,6 +158,8 @@ rule withdrawToSpecWrapper(env e){
 }


+// STATUS - verified
+// check correct values update by withdrawTo()
 rule withdrawToSpecUnderlying(env e){
    address account; uint256 amount;

@ -187,15 +191,11 @@ rule withdrawToSpecUnderlying(env e){
 // STATUS - verified
 // check correct values update by _recover()
 rule recoverSpec(env e){
-    address account; uint256 amount; // e.msg.sender
-    require underlying() != currentContract;
-
-    require e.msg.sender != currentContract;
+    address account; uint256 amount;

    uint256 wrapperTotalBefore = totalSupply(e);
    uint256 wrapperUserBalanceBefore = balanceOf(e, account);
    uint256 wrapperSenderBalanceBefore = balanceOf(e, e.msg.sender);
-
    uint256 underlyingThisBalanceBefore = underlyingBalanceOf(currentContract);   

    mathint value = underlyingThisBalanceBefore - wrapperTotalBefore;
--- a/certora/specs/TimelockController.spec
+++ b/certora/specs/TimelockController.spec
@ -177,20 +177,6 @@ rule minDealyOnlyChange(method f, env e){
 }


-// STATUS - verified
-// Only proposers can schedule an operation
-rule scheduleOnlyWay(method f, env e){
-    uint256 delayBefore = _minDelay();    
-
-    calldataarg args;
-    f(e, args);
-
-    uint256 delayAfter = _minDelay();
-
-    assert delayBefore != delayAfter => e.msg.sender == currentContract, "You cannot change your destiny! Only I can!";
-}
-
-
 // STATUS - in progress (need working hash)
 // execute() is the only way to set timestamp to 1
 rule getTimestampOnlyChange(method f, env e){
@ -291,7 +277,7 @@ rule cancelledNotExecuted(method f, env e){
 }


-// STATUS - in progress
+// STATUS - in progress (add schedule batch)
 // Only proposers can schedule an operation
 rule onlyProposer(method f, env e){
    bytes32 id;