NoBey/openzeppelin-contracts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix specs

Browse Source
This commit is contained in:
Hadrien Croubois
2023-03-15 22:17:11 +01:00
parent d0b259546f
commit 74f613f5cc
4 changed files with 10 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
certora/specs.js
View File

@ -53,7 +53,7 @@ module.exports = [].concat(
product( product(
[ [
...product(['GovernorHarness'], ['GovernorInvariants', 'GovernorBaseRules', 'GovernorChanges', 'GovernorStates']), ...product(['GovernorHarness'], ['GovernorInvariants', 'GovernorBaseRules', 'GovernorChanges', 'GovernorStates']),
...product(['GovernorPreventLateHarness'], ['GovernorPreventLateHarness']), ...product(['GovernorPreventLateHarness'], ['GovernorPreventLateQuorum']),
], ],
['ERC20VotesBlocknumberHarness', 'ERC20VotesTimestampHarness'], ['ERC20VotesBlocknumberHarness', 'ERC20VotesTimestampHarness'],
).map(([contract, spec, token]) => ({ ).map(([contract, spec, token]) => ({

16
certora/specs/GovernorBaseRules.spec
View File

@ -77,11 +77,12 @@ rule againstVotesDontCountTowardsQuorum(uint256 pId, env e, method f)
filtered { f -> voting(f) } filtered { f -> voting(f) }
{ {
address voter; address voter;
uint8 support = 0; // Against
helperVoteWithRevert(e, f, pId, voter, support); bool quorumReachedBefore = quorumReached(pId);
assert quorumReached(pId) == quorumBefore, "quorum must not be reached with an against vote"; helperVoteWithRevert(e, f, pId, voter, 0); // support 0 = against
assert quorumReached(pId) == quorumReachedBefore, "quorum must not be reached with an against vote";
} }
/* /*
@ -137,14 +138,9 @@ rule noExecuteBeforeDeadline(uint256 pId, env e, method f, calldataarg args)
Invariant: The quorum numerator is always less than or equal to the quorum denominator Invariant: The quorum numerator is always less than or equal to the quorum denominator
└─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
*/ */
invariant quorumRatioLessThanOne(env e, uint256 blockNumber) invariant quorumRatioLessThanOne(uint256 blockNumber)
quorumNumerator(e, blockNumber) <= quorumDenominator() quorumNumerator(blockNumber) <= quorumDenominator()
filtered { f -> !skip(f) } filtered { f -> !skip(f) }
{
preserved {
require clockSanity(e);
}
}
/* /*
┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐

2
certora/specs/GovernorPreventLateQuorum.spec
View File

@ -24,7 +24,7 @@ rule deadlineChangeToPreventLateQuorum(uint256 pId, env e, method f, calldataarg
filtered { f -> !skip(f) } filtered { f -> !skip(f) }
{ {
requireInvariant proposalStateConsistency(pId); requireInvariant proposalStateConsistency(pId);
requireInvariant votesImplySnapshotPassed(pId); requireInvariant votesImplySnapshotPassed(e, pId);
// This is not (easily) provable as an invariant because the prover think `_totalSupplyCheckpoints` // This is not (easily) provable as an invariant because the prover think `_totalSupplyCheckpoints`
// can arbitrarily change, which causes the quorum() to change. Not sure how to fix that. // can arbitrarily change, which causes the quorum() to change. Not sure how to fix that.

4
certora/specs/GovernorStates.spec
View File

@ -139,11 +139,11 @@ rule onlyVoteCanChangeQuorumReached(uint256 pId, env e, method f, calldataarg ar
{ {
require clockSanity(e); require clockSanity(e);
bool quorumReachedBefore = quorumReached(e, pId); bool quorumReachedBefore = quorumReached(pId);
f(e, args); f(e, args);
assert quorumReached(e, pId) != quorumReachedBefore => ( assert quorumReached(pId) != quorumReachedBefore => (
!quorumReachedBefore && !quorumReachedBefore &&
votingAll(f) votingAll(f)
); );