Showing
17 changed files
with
122 additions
and
1,290 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
#!/bin/bash | ||
|
||
params=("--send_only") | ||
|
||
if [[ -n "$CI" ]]; then | ||
params=() | ||
fi | ||
|
||
certoraRun certora/harnesses/SafeHarness.sol \ | ||
--verify SafeHarness:certora/specs/NativeTokenRefund.spec \ | ||
--solc solc7.6 \ | ||
--optimistic_loop \ | ||
--prover_args '-optimisticFallback true -s z3' \ | ||
--loop_iter 3 \ | ||
--optimistic_hashing \ | ||
--hashing_length_bound 352 \ | ||
--rule_sanity \ | ||
"${params[@]}" \ | ||
--msg "Safe $1 " |
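Review bot: The `certoraRun` invocation turns on several unsound simplifications — `--optimistic_loop` with `--loop_iter 3`, `--optimistic_hashing` with `--hashing_length_bound 352`, and `-optimisticFallback true` in `--prover_args` — without any comment saying what a passing run then means, so a green result is easy to misread as an unconditional proof of `NativeTokenRefund.spec`. As their names indicate, these options make the prover assume loops exit within three iterations, hashed payloads stay within 352 bytes, and unresolved fallback calls behave benignly; any refund path that needs more is simply not explored. A header comment above the command should state this, e.g. `# Unsound simplifications: loops unrolled to 3 iterations, hashing bounded to 352 bytes, unresolved fallback calls treated optimistically. A pass is a proof only under these assumptions.` It is also worth a one-line note that outside CI the `--send_only` default means the script submits the job and exits without reporting the verdict, so a local run returning 0 does not mean the rule passed.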
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
// This spec is a separate file because we summarize checkSignatures here | ||
|
||
methods { | ||
function checkSignatures(bytes32, bytes memory, bytes memory) internal => NONDET; | ||
|
||
function getNativeTokenBalanceFor(address) external returns (uint256) envfree; | ||
function getSafeGuard() external returns (address) envfree; | ||
} | ||
|
||
ghost uint256 gasPriceEnv { | ||
init_state axiom gasPriceEnv == 1; | ||
} | ||
|
||
// We need to make sure that the gas price is not zero. There's no env variable available in the CVL, so we use an opcode hook with a | ||
// ghost variable. | ||
hook GASPRICE uint v { | ||
require v > 0; | ||
gasPriceEnv = v; | ||
} | ||
|
||
rule nativeTokenRefundIsSentToRefundReceiver( | ||
address to, | ||
uint256 value, | ||
bytes data, | ||
Enum.Operation operation, | ||
uint64 safeTxGas, | ||
uint64 baseGas, | ||
uint256 gasPrice, | ||
address gasToken, | ||
address refundReceiver, | ||
bytes signatures | ||
) { | ||
env e; | ||
|
||
// gas token address must be zero for native token refund | ||
require gasToken == 0; | ||
// gas refund parameters must be set | ||
require baseGas > 0 && gasPrice > 0; | ||
|
||
// the refund receiver must not be zero, because in such a case tx.origin will be used and it'll come up with countexamples related to overflow | ||
// and adding pre-requirements is tricky | ||
// also, it shouldn't be the safe itself | ||
require refundReceiver != 0 && refundReceiver != currentContract; | ||
// // We're being optimistic about the delegatecall and in the munged contracts the actuall call was removed | ||
// // So it's possible the gas used to be 0 in the munged contracts, so no refund would be sent (a counterexample) | ||
// require operation == Enum.Operation.Call; | ||
// The guard has to be zero, because otherwise it makes an extcall and the prover HAVOCs; | ||
require getSafeGuard() == 0; | ||
uint256 balanceBefore = getNativeTokenBalanceFor(refundReceiver); | ||
require balanceBefore == 0; | ||
execTransaction(e, to, value, data, operation, safeTxGas, baseGas, gasPrice, gasToken, refundReceiver, signatures); | ||
uint256 balanceAfter = getNativeTokenBalanceFor(refundReceiver); | ||
// It's not possible to calculate the exact amount because it varies on many factors (such as gas used, actual gas price used, etc) | ||
assert to_mathint(balanceAfter) > to_mathint(balanceBefore); | ||
} |
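Review bot: The ghost `gasPriceEnv` declared near the top of the spec is assigned in the `GASPRICE` hook but never read anywhere in the rule, so only the `require v > 0` inside the hook actually constrains the proof and the comment above the hook overstates what the ghost is for; either delete the ghost or say why it is kept. The header comment should also spell out what the rule does not cover, since a reader of the assertion alone will assume more: `checkSignatures` is summarized as `NONDET`, `execTransaction` is called without `@withrevert` so reverting executions are pruned, and the assertion only requires `balanceAfter > balanceBefore` from a zero starting balance. A suitable header would be `// Proves: on a non-reverting execTransaction with gasToken == 0, baseGas > 0, gasPrice > 0 and a non-zero, non-Safe refundReceiver, the receiver's native balance strictly increases. Says nothing about signature validity (checkSignatures is NONDET) or about the refund amount.` The commented-out `require operation == Enum.Operation.Call` block also depends on the munged contract having the delegatecall removed; if that munging is still in place it should be stated as a live assumption rather than left in a dead comment.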
This file was deleted.
Empty file.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
|
||
{ "gambit": { | ||
"filename" : "certora/munged/Safe.sol", | ||
"num_mutants": 15 | ||
} | ||
} | ||
{ | ||
"gambit": { | ||
"filename": "certora/munged/Safe.sol", | ||
"num_mutants": 15 | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,13 +1,12 @@ | ||
|
||
{ "gambit": [ | ||
{ | ||
"filename" : "certora/munged/Safe.sol", | ||
"gambit": [ | ||
{ | ||
"filename": "certora/munged/Safe.sol", | ||
"num_mutants": 5 | ||
}, | ||
{ | ||
"filename" : "certora/munged/base/OwnerManager.sol", | ||
}, | ||
{ | ||
"filename": "certora/munged/base/OwnerManager.sol", | ||
"num_mutants": 5 | ||
} | ||
|
||
] | ||
} | ||
} | ||
] | ||
} |