mirror
/
openzeppelin-contracts
mirror of https://github.com/OpenZeppelin/openzeppelin-contracts
2
1
Fork 1
Code Issues Releases Wiki Activity
mirror of openzeppelin-contracts
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3016 Commits
56 Branches
139 Tags
74 MiB
 
 
 
 
 
Tag: Branch: Tree: 10f5d8d942
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '10f5d8d942'
${ noResults }
openzeppelin-contracts/certora/specs/AccessControl.spec

85 lines
2.1 KiB
Raw Blame History

methods {
grantRole(bytes32, address)
revokeRole(bytes32, address)
_checkRole(bytes32)
safeTransferFrom(address, address, uint256, uint256, bytes)
safeBatchTransferFrom(address, address, uint256[], uint256[], bytes)
getRoleAdmin(bytes32) returns(bytes32) envfree
hasRole(bytes32, address) returns(bool) envfree
}
// STATUS - verified
// If `onlyRole` modifier reverts then `grantRole()` reverts
rule onlyRoleModifierCheckGrant(env e){
bytes32 role; address account;
_checkRole@withrevert(e, getRoleAdmin(role));
bool checkRevert = lastReverted;
grantRole@withrevert(e, role, account);
bool grantRevert = lastReverted;
assert checkRevert => grantRevert, "modifier goes bananas";
}
// STATUS - verified
// check onlyRole modifier for revokeRole()
rule onlyRoleModifierCheckRevoke(env e){
bytes32 role; address account;
_checkRole@withrevert(e, getRoleAdmin(role));
bool checkRevert = lastReverted;
revokeRole@withrevert(e, role, account);
bool revokeRevert = lastReverted;
assert checkRevert => revokeRevert, "modifier goes bananas";
}
// STATUS - verified
// grantRole() does not affect another accounts
rule grantRoleEffect(env e){
bytes32 role; address account;
bytes32 anotherRole; address nonEffectedAcc;
require account != nonEffectedAcc;
bool hasRoleBefore = hasRole(anotherRole, nonEffectedAcc);
grantRole(e, role, account);
bool hasRoleAfter = hasRole(anotherRole, nonEffectedAcc);
assert hasRoleBefore == hasRoleAfter, "modifier goes bananas";
}
// STATUS - verified
// revokeRole() does not affect another accounts
rule revokeRoleEffect(env e){
bytes32 role; address account;
bytes32 anotherRole; address nonEffectedAcc;
require account != nonEffectedAcc;
bool hasRoleBefore = hasRole(anotherRole, nonEffectedAcc);
revokeRole(e, role, account);
bool hasRoleAfter = hasRole(anotherRole, nonEffectedAcc);
assert hasRoleBefore == hasRoleAfter, "modifier goes bananas";
}