diff --git a/certora/munged/token/ERC20/extensions/ERC20FlashMint.sol b/certora/munged/token/ERC20/extensions/ERC20FlashMint.sol index 2a811cacf..eb2cadd00 100644 --- a/certora/munged/token/ERC20/extensions/ERC20FlashMint.sol +++ b/certora/munged/token/ERC20/extensions/ERC20FlashMint.sol @@ -72,7 +72,7 @@ abstract contract ERC20FlashMint is ERC20, IERC3156FlashLender { uint256 fee = flashFee(token, amount); _mint(address(receiver), amount); require( - receiver.onFlashLoan(msg.sender, token, amount, fee, data) == _RETURN_VALUE, // HAVOC_ALL + receiver.onFlashLoan(msg.sender, token, amount, fee, data) == _RETURN_VALUE, "ERC20FlashMint: invalid return value" ); uint256 currentAllowance = allowance(address(receiver), address(this)); diff --git a/certora/scripts/verifyERC20FlashMint.sh b/certora/scripts/verifyERC20FlashMint.sh index 84ec58eff..cd29f5b1a 100644 --- a/certora/scripts/verifyERC20FlashMint.sh +++ b/certora/scripts/verifyERC20FlashMint.sh @@ -6,5 +6,5 @@ certoraRun \ --optimistic_loop \ --staging \ --rule_sanity \ - --msg "letsWatchItBurns" + --msg "flashMint" \ No newline at end of file diff --git a/certora/scripts/verifyERC20Wrapper.sh b/certora/scripts/verifyERC20Wrapper.sh index e4557724f..c4aaef9ff 100644 --- a/certora/scripts/verifyERC20Wrapper.sh +++ b/certora/scripts/verifyERC20Wrapper.sh @@ -6,5 +6,5 @@ certoraRun \ --optimistic_loop \ --staging \ --rule_sanity \ - --msg "all check" + --msg "wrapper spec sanity check fixes" \ No newline at end of file diff --git a/certora/specs/ERC20Wrapper.spec b/certora/specs/ERC20Wrapper.spec index 126be7297..3ea288545 100644 --- a/certora/specs/ERC20Wrapper.spec +++ b/certora/specs/ERC20Wrapper.spec @@ -19,24 +19,22 @@ invariant whatAboutTotal(env e) { preserved { require underlyingBalanceOf(currentContract) <= underlyingTotalSupply(); - require underlying() != currentContract; } preserved depositFor(address account, uint256 amount) with (env e2){ - require underlyingBalanceOf(currentContract) <= underlyingTotalSupply(); require totalSupply(e) + amount <= underlyingTotalSupply(); - require underlying() != currentContract; } } -// STATUS - in progress -// https://vaas-stg.certora.com/output/3106/a5f4943cd2987dccab94/?anonymousKey=9428fb1588845c0222c2abe5b00dedd59c925870 +// STATUS - verified // totalsupply of wrapped should be less than or equal to the underlying balanceOf contract (assuming no external transfer) - solvency invariant underTotalAndContractBalanceOfCorrelation(env e) totalSupply(e) <= underlyingBalanceOf(currentContract) { - preserved { + preserved with (env e2) { require underlying() != currentContract; + require e.msg.sender != currentContract; + require e.msg.sender == e2.msg.sender; } } @@ -65,10 +63,12 @@ rule depositForSpecBasic(env e){ } +// STATUS - verified +// check correct values update by depositFor() rule depositForSpecWrapper(env e){ address account; uint256 amount; - require e.msg.sender != currentContract; + // require e.msg.sender != currentContract; require underlying() != currentContract; uint256 wrapperUserBalanceBefore = balanceOf(e, account); @@ -87,6 +87,8 @@ rule depositForSpecWrapper(env e){ } +// STATUS - verified +// check correct values update by depositFor() rule depositForSpecUnderlying(env e){ address account; uint256 amount; @@ -118,7 +120,6 @@ rule depositForSpecUnderlying(env e){ rule withdrawToSpecBasic(env e){ address account; uint256 amount; - require e.msg.sender != currentContract; require underlying() != currentContract; uint256 wrapperTotalBefore = totalSupply(e); @@ -134,10 +135,11 @@ rule withdrawToSpecBasic(env e){ } +// STATUS - verified +// check correct values update by withdrawTo() rule withdrawToSpecWrapper(env e){ address account; uint256 amount; - require e.msg.sender != currentContract; require underlying() != currentContract; uint256 wrapperUserBalanceBefore = balanceOf(e, account); @@ -156,6 +158,8 @@ rule withdrawToSpecWrapper(env e){ } +// STATUS - verified +// check correct values update by withdrawTo() rule withdrawToSpecUnderlying(env e){ address account; uint256 amount; @@ -187,15 +191,11 @@ rule withdrawToSpecUnderlying(env e){ // STATUS - verified // check correct values update by _recover() rule recoverSpec(env e){ - address account; uint256 amount; // e.msg.sender - require underlying() != currentContract; - - require e.msg.sender != currentContract; + address account; uint256 amount; uint256 wrapperTotalBefore = totalSupply(e); uint256 wrapperUserBalanceBefore = balanceOf(e, account); uint256 wrapperSenderBalanceBefore = balanceOf(e, e.msg.sender); - uint256 underlyingThisBalanceBefore = underlyingBalanceOf(currentContract); mathint value = underlyingThisBalanceBefore - wrapperTotalBefore; diff --git a/certora/specs/TimelockController.spec b/certora/specs/TimelockController.spec index b4dc024ce..8efcbb508 100644 --- a/certora/specs/TimelockController.spec +++ b/certora/specs/TimelockController.spec @@ -177,20 +177,6 @@ rule minDealyOnlyChange(method f, env e){ } -// STATUS - verified -// Only proposers can schedule an operation -rule scheduleOnlyWay(method f, env e){ - uint256 delayBefore = _minDelay(); - - calldataarg args; - f(e, args); - - uint256 delayAfter = _minDelay(); - - assert delayBefore != delayAfter => e.msg.sender == currentContract, "You cannot change your destiny! Only I can!"; -} - - // STATUS - in progress (need working hash) // execute() is the only way to set timestamp to 1 rule getTimestampOnlyChange(method f, env e){ @@ -291,7 +277,7 @@ rule cancelledNotExecuted(method f, env e){ } -// STATUS - in progress +// STATUS - in progress (add schedule batch) // Only proposers can schedule an operation rule onlyProposer(method f, env e){ bytes32 id;