Skip to content

Commit

Permalink
fix(specs): make sumOfMultiplierPointsIsMultiplierpoints work again
Browse files Browse the repository at this point in the history 
This invariant failed as the prover started making wrong assumptions
about the relationship between anyone's account's `totalMP` and its
`balance`, as well as an account's `bonusMP` and its `balance`.

This commit fixes it by adding the necessary invariants to proof the
property.
  • Loading branch information
@0x-r4bbit @3esmit
0x-r4bbit authored and 3esmit committed Oct 3, 2024
1 parent 9ece548 commit 254ea0a
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions certora/specs/StakeManager.spec
View file
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,11 @@ invariant sumOfMultipliersIsMultiplierSupply()
filtered {
m -> !requiresPreviousManager(m) && !requiresNextManager(m)
}
{ preserved with (env e){
requireInvariant accountMPIsZeroIfBalanceIsZero(e.msg.sender);
requireInvariant accountBonusMPIsZeroIfBalanceIsZero(e.msg.sender);
}
}

invariant sumOfEpochRewardsIsPendingRewards()
sumOfEpochRewards == to_mathint(currentContract.pendingReward)
Expand All @@ -89,6 +94,12 @@ invariant highEpochsAreNull(uint256 epochNumber)
m -> !requiresPreviousManager(m) && !requiresNextManager(m)
}

invariant accountBonusMPIsZeroIfBalanceIsZero(address addr)
to_mathint(getAccountBalance(addr)) == 0 => to_mathint(getAccountBonusMultiplierPoints(addr)) == 0
filtered {
f -> f.selector != sig:migrateFrom(address,bool,StakeManager.Account).selector
}

invariant accountMPIsZeroIfBalanceIsZero(address addr)
to_mathint(getAccountBalance(addr)) == 0 => to_mathint(getAccountCurrentMultiplierPoints(addr)) == 0
filtered {
Expand Down

0 comments on commit 254ea0a

Please sign in to comment.