Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

test: certora spec for RewardsCoordinator #597

Open
wants to merge 4 commits into
base: dev
Choose a base branch
from
Open

Conversation

8sunyuan
Copy link
Collaborator

Included spec as a github workflow with certora-prover-conf.yml

@8sunyuan 8sunyuan requested a review from ChaoticWalrus June 24, 2024 14:18

This comment was marked as off-topic.


import "../../src/contracts/core/RewardsCoordinator.sol";

contract RewardsCoordinatorHarness is RewardsCoordinator {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is there a reason for having a harness here if you aren't adding any functions?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was made in case there were any internal functions needed to be made. Looks like we can just remove though

rule claimWithduplicateTokenLeafs(env e, IRewardsCoordinator.RewardsMerkleClaim claim, address recipient) {
require claim.tokenLeaves.length == 1;

checkClaim(e, claim);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what's the point of this call?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Its to ensure that the claim is valid.
since checkClaim doesn't have @withrevert any successful paths of this rule will include checkClaim not reverting. Probably more clear by just having require checkClaim

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

makes sense, but adding 'require' syntax would definitely be clearer

"optimistic_loop": true,
"optimistic_hashing": true,
"rule_sanity": "basic",
"exclude_rule": ["checkClaimNeverFalse"],
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

so is this rule just failing to pass right now then?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No the rule is called in paymentCoordinatorWithoutSanity.conf. The reason for the separate conf is that this rule fails the sanity check since checkClaim reverts instead of returning false.

Copy link

Reading tracefile ./lcov.info.pruned
                                             |Lines      |Functions|Branches  
Filename                                       |Rate    Num|Rate  Num|Rate   Num
================================================================================
[src/contracts/]
core/AVSDirectory.sol                          |77.8%    27|77.8%   9|    -    0
core/AVSDirectoryStorage.sol                   | 0.0%     1| 0.0%   1|    -    0
core/DelegationManager.sol                     |96.4%   196|92.3%  39|    -    0
core/DelegationManagerStorage.sol              | 100%     3| 100%   1|    -    0
core/RewardsCoordinator.sol                    |93.5%   108|83.3%  30|    -    0
core/RewardsCoordinatorStorage.sol             | 0.0%     9| 0.0%   1|    -    0
core/StrategyManager.sol                       |95.2%    83|95.8%  24|    -    0
core/StrategyManagerStorage.sol                | 0.0%     3| 0.0%   1|    -    0
libraries/BeaconChainProofs.sol                |95.5%    44|91.7%  12|    -    0
libraries/BytesLib.sol                         | 8.0%    50| 7.1%  14|    -    0
libraries/EIP1271SignatureUtils.sol            | 100%     3| 100%   1|    -    0
libraries/Endian.sol                           | 100%     3| 100%   1|    -    0
libraries/Merkle.sol                           | 100%    30| 100%   5|    -    0
libraries/StructuredLinkedList.sol             | 0.0%    45| 0.0%  19|    -    0
permissions/Pausable.sol                       |95.7%    23|90.9%  11|    -    0
permissions/PauserRegistry.sol                 | 100%    12| 100%   6|    -    0
pods/DelayedWithdrawalRouter.sol               |93.2%    59|85.7%  14|    -    0
pods/EigenPod.sol                              | 100%   150| 100%  33|    -    0
pods/EigenPodManager.sol                       |98.8%    84|89.5%  19|    -    0
pods/EigenPodManagerStorage.sol                | 0.0%     5| 0.0%   1|    -    0
strategies/EigenStrategy.sol                   | 0.0%    10| 0.0%   5|    -    0
strategies/StrategyBase.sol                    |89.7%    39|77.8%  18|    -    0
strategies/StrategyBaseTVLLimits.sol           | 100%    12|83.3%   6|    -    0
token/BackingEigen.sol                         |72.0%    25|50.0%  10|    -    0
token/Eigen.sol                                |38.5%    39|50.0%  12|    -    0
utils/UpgradeableSignatureCheckingUtils.sol    | 0.0%     6| 0.0%   4|    -    0
================================================================================
                                       Total:|82.0%  1069|73.7% 297|    -    0


processClaim@withrevert(e, claim, recipient);

assert !lastReverted => canWork;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you assert equality here? that would be stronger if possible; I'm not sure it would work with the summarization of verifyInclusionKeccak though...

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The summarization may be an issue but all other revert reasons will also be problematic. First its things like the contract being paused, in reentrant mode, and >0 msg.value being sent, then compiler checks which are harder to understand.

Copy link
Contributor

@ChaoticWalrus ChaoticWalrus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I have a few minor questions but nothing that I think is particularly worth blocking on.

Copy link

Reading tracefile ./lcov.info.pruned
                                             |Lines      |Functions|Branches  
Filename                                       |Rate    Num|Rate  Num|Rate   Num
================================================================================
[src/contracts/]
core/AVSDirectory.sol                          |77.8%    27|77.8%   9|    -    0
core/AVSDirectoryStorage.sol                   | 0.0%     1| 0.0%   1|    -    0
core/DelegationManager.sol                     |96.4%   196|92.3%  39|    -    0
core/DelegationManagerStorage.sol              | 100%     3| 100%   1|    -    0
core/RewardsCoordinator.sol                    |93.5%   108|83.3%  30|    -    0
core/RewardsCoordinatorStorage.sol             | 0.0%     9| 0.0%   1|    -    0
core/StrategyManager.sol                       |95.2%    83|95.8%  24|    -    0
core/StrategyManagerStorage.sol                | 0.0%     3| 0.0%   1|    -    0
libraries/BeaconChainProofs.sol                |95.5%    44|91.7%  12|    -    0
libraries/BytesLib.sol                         | 8.0%    50| 7.1%  14|    -    0
libraries/EIP1271SignatureUtils.sol            | 100%     3| 100%   1|    -    0
libraries/Endian.sol                           | 100%     3| 100%   1|    -    0
libraries/Merkle.sol                           | 100%    30| 100%   5|    -    0
libraries/StructuredLinkedList.sol             | 0.0%    45| 0.0%  19|    -    0
permissions/Pausable.sol                       |95.7%    23|90.9%  11|    -    0
permissions/PauserRegistry.sol                 | 100%    12| 100%   6|    -    0
pods/DelayedWithdrawalRouter.sol               |93.2%    59|85.7%  14|    -    0
pods/EigenPod.sol                              | 100%   150| 100%  33|    -    0
pods/EigenPodManager.sol                       |98.8%    84|89.5%  19|    -    0
pods/EigenPodManagerStorage.sol                | 0.0%     5| 0.0%   1|    -    0
strategies/EigenStrategy.sol                   | 0.0%    10| 0.0%   5|    -    0
strategies/StrategyBase.sol                    |89.7%    39|77.8%  18|    -    0
strategies/StrategyBaseTVLLimits.sol           | 100%    12|83.3%   6|    -    0
token/BackingEigen.sol                         |72.0%    25|50.0%  10|    -    0
token/Eigen.sol                                |38.5%    39|50.0%  12|    -    0
utils/UpgradeableSignatureCheckingUtils.sol    | 0.0%     6| 0.0%   4|    -    0
================================================================================
                                       Total:|82.0%  1069|73.7% 297|    -    0

Comment on lines +116 to +120
{
IRewardsCoordinator.RewardsSubmission[] rewardsSubmission1;
IRewardsCoordinator.RewardsSubmission[] rewardsSubmission2;
IRewardsCoordinator.RewardsSubmission[] rewardsSubmissions;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this rule is checking batch equivalency, right?

Copy link

Reading tracefile ./lcov.info.pruned
                                             |Lines      |Functions|Branches  
Filename                                       |Rate    Num|Rate  Num|Rate   Num
================================================================================
[src/contracts/]
core/AVSDirectory.sol                          |77.8%    27|77.8%   9|    -    0
core/DelegationManager.sol                     |96.5%   198|92.3%  39|    -    0
core/RewardsCoordinator.sol                    |90.8%   119|81.2%  32|    -    0
core/StrategyManager.sol                       |95.2%    83|95.8%  24|    -    0
libraries/BeaconChainProofs.sol                | 100%    22| 100%  11|    -    0
libraries/BytesLib.sol                         | 0.0%   156| 0.0%  14|    -    0
libraries/EIP1271SignatureUtils.sol            | 100%     3| 100%   1|    -    0
libraries/Endian.sol                           | 100%     2| 100%   1|    -    0
libraries/Merkle.sol                           | 100%    38| 100%   5|    -    0
libraries/StructuredLinkedList.sol             | 0.0%    45| 0.0%  19|    -    0
permissions/Pausable.sol                       |95.7%    23|90.9%  11|    -    0
permissions/PauserRegistry.sol                 | 100%    12| 100%   6|    -    0
pods/EigenPod.sol                              | 100%   122|96.2%  26|    -    0
pods/EigenPodManager.sol                       |98.7%    75|85.7%  14|    -    0
strategies/EigenStrategy.sol                   | 0.0%    10| 0.0%   5|    -    0
strategies/StrategyBase.sol                    |90.9%    44|78.9%  19|    -    0
strategies/StrategyBaseTVLLimits.sol           | 100%    12|83.3%   6|    -    0
strategies/StrategyFactory.sol                 |94.3%    35|88.9%   9|    -    0
token/BackingEigen.sol                         |72.0%    25|50.0%  10|    -    0
token/Eigen.sol                                |38.5%    39|50.0%  12|    -    0
utils/UpgradeableSignatureCheckingUtils.sol    | 0.0%     6| 0.0%   4|    -    0
================================================================================
                                       Total:|74.1%  1096|72.9% 277|    -    0

@gpsanant
Copy link
Contributor

can we close or merge this? @8sunyuan

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants