chore(certora): add invariant that totalSent is <= totalReceived #147
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
0x-r4bbit
commented
Aug 9, 2024
| @@ -72,6 +72,22 @@ invariant totalSupplyIsSumOfBalances() | |||
| invariant requestStartedWhenSlotsFilled(env e, Marketplace.RequestId requestId, Marketplace.SlotId slotId) | |||
| to_mathint(currentContract.requestContext(e, requestId).slotsFilled) == to_mathint(currentContract.getRequest(e, requestId).ask.slots) => currentContract.requestState(e, requestId) == Marketplace.RequestState.Started; | |||
|
|
|||
| // STATUS - in progress (fails on constructor state due to a strange behaviour in the tool) | |||
| // _marketplaceTotals.received - _marketplaceTotals.sent == tokenBalanceOfContract | |||
| // https://prover.certora.com/output/3106/4e6cac8055ac45bb92840e14d9b095eb/?anonymousKey=655a42ca6306a023db78914d5a188d8ec2882771 | |||
There was a problem hiding this comment.
As pointed out here, there's a bug in the prover that causes this invariant to file after the constructor has been called.
I'd leave this pending until the bug in certora has been fixed.
AuHau
approved these changes
Aug 12, 2024
0x-r4bbit
force-pushed
the
certora-sum-of-balances
branch
from
02dfe5c to
b41c3a1
Compare
0x-r4bbit
force-pushed
the
certora-totalsent-le-totalreceived
branch
from
19379eb to
02b9c1f
Compare
|
While this is green on CI, it should actually fail because there's a bug in the prover that will find a counter example on one of the rules. We need to change the GH action in this repo so it has a proper exit code or something. |
0x-r4bbit
force-pushed
the
certora-totalsent-le-totalreceived
branch
from
02b9c1f to
d6555cc
Compare
0x-r4bbit
force-pushed
the
certora-totalsent-le-totalreceived
branch
from
d6555cc to
018ed25
Compare
This commit adds an invariant that verifies `marketplaceTotals.sent <= marketplceTotals.received`. The invariant relies on the `Token.totalSupply()` which has previously been verified to be the sum of all balances. The invariant uses `<=` as there could be donations sent to the marketplace. Closes #132
0x-r4bbit
force-pushed
the
certora-totalsent-le-totalreceived
branch
from
018ed25 to
b413d77
Compare
|
As per #132 (comment) we won't merge this. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit adds an invariant that verifies
marketplaceTotals.sent <= marketplceTotals.received.The invariant relies on the
Token.totalSupply()which has previously been verified to be the sum of all balances.The invariant uses
<=as there could be donations sent to the marketplace.Closes #132
This PR depends on #146