Skip to content

Commit

Permalink
Merge 165c366 into f37e0ed
Browse files Browse the repository at this point in the history
  • Loading branch information
@mmv08
mmv08 committed May 31, 2023
2 parents f37e0ed + 165c366 commit 621b146
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 11 deletions.
19 changes: 12 additions & 7 deletions certora/applyHarness.patch
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
diff -druN Safe.sol Safe.sol
--- Safe.sol 2023-04-11 15:01:13
+++ Safe.sol 2023-04-11 15:01:55
--- Safe.sol 2023-05-16 15:08:39
+++ Safe.sol 2023-05-25 16:23:56
@@ -76,7 +76,7 @@
* so we create a Safe with 0 owners and threshold 1.
* This is an unusable Safe, perfect for the singleton
Expand All @@ -11,14 +11,19 @@ diff -druN Safe.sol Safe.sol

/**
diff -druN base/Executor.sol base/Executor.sol
--- base/Executor.sol 2023-04-11 15:01:13
+++ base/Executor.sol 2023-04-11 15:01:18
@@ -25,6 +25,8 @@
--- base/Executor.sol 2023-05-16 15:08:39
+++ base/Executor.sol 2023-05-25 16:23:31
@@ -25,11 +25,9 @@
Enum.Operation operation,
uint256 txGas
) internal returns (bool success) {
+ // MUNGED lets just be a bit more optimistic, `execute` does nothing and always returns true
+ return true;
+ // MUNGED lets just be a bit more optimistic, `execute` does nothing for `DELEGATECALL` and always returns true
if (operation == Enum.Operation.DelegateCall) {
- // solhint-disable-next-line no-inline-assembly
- assembly {
- success := delegatecall(txGas, to, add(data, 0x20), mload(data), 0, 0)
- }
+ return true;
} else {
// solhint-disable-next-line no-inline-assembly
assembly {
13 changes: 9 additions & 4 deletions certora/specs/Safe.spec
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,20 +23,25 @@ definition reachableOnly(method f) returns bool =
f.selector != sig:setup(address[],uint256,address,bytes,address,address,uint256,address).selector
&& f.selector != sig:simulateAndRevert(address,bytes).selector;

definition MAX_UINT256() returns uint256 = 0xffffffffffffffffffffffffffffffff;

/// Nonce must never decrease
rule nonceMonotonicity(method f) filtered {
f -> noHavoc(f) && reachableOnly(f) &&
f -> reachableOnly(f) &&
f.selector != sig:getStorageAt(uint256,uint256).selector
} {
uint256 nonceBefore = nonce();

// The nonce may overflow, but since it's increased only by 1 with each transaction, it is not realistically possible to overflow it.
require nonceBefore < MAX_UINT256();
calldataarg args; env e;
f(e, args);
uint256 nonceAfter = nonce();
assert nonceAfter == nonceBefore || to_mathint(nonceAfter) == nonceBefore + 1;
assert nonceAfter != nonceBefore =>
to_mathint(nonceAfter) == nonceBefore + 1 && f.selector == sig:execTransaction(address,uint256,bytes,SafeHarness.Operation,uint256,uint256,uint256,address,address,bytes).selector;
}
Expand Down Expand Up @@ -129,7 +134,7 @@ rule fallbackHandlerAddressChange(method f) filtered {

address fbHandlerAfter = fallbackHandlerAddress;

assert fbHandlerBefore != fbHandlerAfter =>
assert fbHandlerBefore != fbHandlerAfter =>
f.selector == sig:setup(address[],uint256,address,bytes,address,address,uint256,address).selector || f.selector == sig:setFallbackHandler(address).selector;
}

Expand All @@ -145,6 +150,6 @@ rule guardAddressChange(method f) filtered {

address guardAfter = getSafeGuard();

assert guardBefore != guardAfter =>
assert guardBefore != guardAfter =>
f.selector == sig:setGuard(address).selector;
}

0 comments on commit 621b146

Please sign in to comment.