test: certora spec for RewardsCoordinator #597
base: dev
Conversation
    import "../../src/contracts/core/RewardsCoordinator.sol";

    contract RewardsCoordinatorHarness is RewardsCoordinator {
is there a reason for having a harness here if you aren't adding any functions?
This was made in case there were any internal functions needed to be made. Looks like we can just remove though
    rule claimWithduplicateTokenLeafs(env e, IRewardsCoordinator.RewardsMerkleClaim claim, address recipient) {
        require claim.tokenLeaves.length == 1;

        checkClaim(e, claim);
what's the point of this call?
It's to ensure that the claim is valid.
since checkClaim doesn't have @withrevert any successful paths of this rule will include checkClaim not reverting. Probably more clear by just having require checkClaim
makes sense, but adding 'require' syntax would definitely be clearer
    "optimistic_loop": true,
    "optimistic_hashing": true,
    "rule_sanity": "basic",
    "exclude_rule": ["checkClaimNeverFalse"],
so is this rule just failing to pass right now then?
No the rule is called in paymentCoordinatorWithoutSanity.conf. The reason for the separate conf is that this rule fails the sanity check since checkClaim reverts instead of returning false.
        processClaim@withrevert(e, claim, recipient);

        assert !lastReverted => canWork;
can you assert equality here? that would be stronger if possible; I'm not sure it would work with the summarization of verifyInclusionKeccak though...
The summarization may be an issue but all other revert reasons will also be problematic. First it's things like the contract being paused, in reentrant mode, and >0 msg.value being sent, then compiler checks which are harder to understand.
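An added CVL example, not code from this PR, that writes out the two points raised above: why the bare `checkClaim(e, claim);` call already restricts the rule to valid claims (and why `require` is the clearer spelling), and why `@withrevert` on `processClaim` supports only a one-way implication rather than equality. It assumes `checkClaim(env, claim)` returns `bool` and reverts on an invalid claim, as the thread states; the rule name and the `msg.value` restriction are hypothetical.

```cvl
// Added example, not code from this PR. Assumes checkClaim(env, claim)
// returns bool and reverts on an invalid claim, as the thread says; the
// rule name and the msg.value restriction are hypothetical.
rule processClaimOnlySucceedsOnValidClaims(env e, IRewardsCoordinator.RewardsMerkleClaim claim, address recipient) {
    require claim.tokenLeaves.length == 1;
    require e.msg.value == 0;   // removes one revert reason unrelated to the claim itself

    // A bare `checkClaim(e, claim);` (no @withrevert) makes the prover discard
    // every path on which the call reverts, so a rule would only ever see valid
    // claims; `require checkClaim(e, claim);` states the same restriction
    // explicitly, and because checkClaim never returns false (it reverts
    // instead, which is what trips the basic sanity check on
    // checkClaimNeverFalse) the two forms keep exactly the same paths.
    // Here we want to keep the invalid-claim paths, so we use @withrevert and
    // capture the outcome: lastReverted is overwritten by the next call.
    checkClaim@withrevert(e, claim);
    bool checkReverted = lastReverted;

    processClaim@withrevert(e, claim, recipient);
    bool processReverted = lastReverted;

    // One direction only: processClaim can still revert for reasons checkClaim
    // knows nothing about (contract paused, reentrancy guard, compiler checks),
    // so the stronger `<=>` would produce spurious counterexamples unless each
    // of those causes is also excluded by its own require.
    assert !processReverted => !checkReverted;
}
```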
LGTM. I have a few minor questions but nothing that I think is particularly worth blocking on.
    {
        IRewardsCoordinator.RewardsSubmission[] rewardsSubmission1;
        IRewardsCoordinator.RewardsSubmission[] rewardsSubmission2;
        IRewardsCoordinator.RewardsSubmission[] rewardsSubmissions;
this rule is checking batch equivalency, right?
can we close or merge this? @8sunyuan
Included spec as a GitHub workflow with certora-prover-conf.yml