Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

test: certora spec for RewardsCoordinator #597

Open
wants to merge 4 commits into
base: dev
Choose a base branch
from
Open

test: certora spec for RewardsCoordinator #597

wants to merge 4 commits into from
+317 −0

Conversation

8sunyuan
Copy link
Collaborator

Included spec as a github workflow with certora-prover-conf.yml

@github-actions GitHub Actions

This comment was marked as off-topic.

Sign in to view
ChaoticWalrus
ChaoticWalrus reviewed Jun 24, 2024
View reviewed changes
certora/harnesses/RewardsCoordinatorHarness.sol Outdated

import "../../src/contracts/core/RewardsCoordinator.sol";

contract RewardsCoordinatorHarness is RewardsCoordinator {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is there a reason for having a harness here if you aren't adding any functions?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was made in case there were any internal functions needed to be made. Looks like we can just remove though

ChaoticWalrus
ChaoticWalrus reviewed Jun 24, 2024
View reviewed changes
certora/specs/core/RewardsCoordinator.spec
rule claimWithduplicateTokenLeafs(env e, IRewardsCoordinator.RewardsMerkleClaim claim, address recipient) {
require claim.tokenLeaves.length == 1;

checkClaim(e, claim);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what's the point of this call?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Its to ensure that the claim is valid.
since checkClaim doesn't have @withrevert any successful paths of this rule will include checkClaim not reverting. Probably more clear by just having require checkClaim

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

makes sense, but adding 'require' syntax would definitely be clearer

ChaoticWalrus
ChaoticWalrus reviewed Jun 24, 2024
View reviewed changes
certora/conf/rewardsCoordinator.conf
"optimistic_loop": true,
"optimistic_hashing": true,
"rule_sanity": "basic",
"exclude_rule": ["checkClaimNeverFalse"],
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

so is this rule just failing to pass right now then?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No the rule is called in paymentCoordinatorWithoutSanity.conf. The reason for the separate conf is that this rule fails the sanity check since checkClaim reverts instead of returning false.

@github-actions GitHub Actions
Copy link 

Reading tracefile ./lcov.info.pruned
                                             |Lines      |Functions|Branches  
Filename                                       |Rate    Num|Rate  Num|Rate   Num
================================================================================
[src/contracts/]
core/AVSDirectory.sol                          |77.8%    27|77.8%   9|    -    0
core/AVSDirectoryStorage.sol                   | 0.0%     1| 0.0%   1|    -    0
core/DelegationManager.sol                     |96.4%   196|92.3%  39|    -    0
core/DelegationManagerStorage.sol              | 100%     3| 100%   1|    -    0
core/RewardsCoordinator.sol                    |93.5%   108|83.3%  30|    -    0
core/RewardsCoordinatorStorage.sol             | 0.0%     9| 0.0%   1|    -    0
core/StrategyManager.sol                       |95.2%    83|95.8%  24|    -    0
core/StrategyManagerStorage.sol                | 0.0%     3| 0.0%   1|    -    0
libraries/BeaconChainProofs.sol                |95.5%    44|91.7%  12|    -    0
libraries/BytesLib.sol                         | 8.0%    50| 7.1%  14|    -    0
libraries/EIP1271SignatureUtils.sol            | 100%     3| 100%   1|    -    0
libraries/Endian.sol                           | 100%     3| 100%   1|    -    0
libraries/Merkle.sol                           | 100%    30| 100%   5|    -    0
libraries/StructuredLinkedList.sol             | 0.0%    45| 0.0%  19|    -    0
permissions/Pausable.sol                       |95.7%    23|90.9%  11|    -    0
permissions/PauserRegistry.sol                 | 100%    12| 100%   6|    -    0
pods/DelayedWithdrawalRouter.sol               |93.2%    59|85.7%  14|    -    0
pods/EigenPod.sol                              | 100%   150| 100%  33|    -    0
pods/EigenPodManager.sol                       |98.8%    84|89.5%  19|    -    0
pods/EigenPodManagerStorage.sol                | 0.0%     5| 0.0%   1|    -    0
strategies/EigenStrategy.sol                   | 0.0%    10| 0.0%   5|    -    0
strategies/StrategyBase.sol                    |89.7%    39|77.8%  18|    -    0
strategies/StrategyBaseTVLLimits.sol           | 100%    12|83.3%   6|    -    0
token/BackingEigen.sol                         |72.0%    25|50.0%  10|    -    0
token/Eigen.sol                                |38.5%    39|50.0%  12|    -    0
utils/UpgradeableSignatureCheckingUtils.sol    | 0.0%     6| 0.0%   4|    -    0
================================================================================
                                       Total:|82.0%  1069|73.7% 297|    -    0

ChaoticWalrus
ChaoticWalrus reviewed Jun 24, 2024
View reviewed changes
certora/specs/core/RewardsCoordinator.spec

processClaim@withrevert(e, claim, recipient);

assert !lastReverted => canWork;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you assert equality here? that would be stronger if possible; I'm not sure it would work with the summarization of verifyInclusionKeccak though...

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The summarization may be an issue but all other revert reasons will also be problematic. First its things like the contract being paused, in reentrant mode, and >0 msg.value being sent, then compiler checks which are harder to understand.

ChaoticWalrus
ChaoticWalrus approved these changes Jun 24, 2024
View reviewed changes
Copy link
Contributor

@ChaoticWalrus ChaoticWalrus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I have a few minor questions but nothing that I think is particularly worth blocking on.

@github-actions GitHub Actions
Copy link 

Reading tracefile ./lcov.info.pruned
                                             |Lines      |Functions|Branches  
Filename                                       |Rate    Num|Rate  Num|Rate   Num
================================================================================
[src/contracts/]
core/AVSDirectory.sol                          |77.8%    27|77.8%   9|    -    0
core/AVSDirectoryStorage.sol                   | 0.0%     1| 0.0%   1|    -    0
core/DelegationManager.sol                     |96.4%   196|92.3%  39|    -    0
core/DelegationManagerStorage.sol              | 100%     3| 100%   1|    -    0
core/RewardsCoordinator.sol                    |93.5%   108|83.3%  30|    -    0
core/RewardsCoordinatorStorage.sol             | 0.0%     9| 0.0%   1|    -    0
core/StrategyManager.sol                       |95.2%    83|95.8%  24|    -    0
core/StrategyManagerStorage.sol                | 0.0%     3| 0.0%   1|    -    0
libraries/BeaconChainProofs.sol                |95.5%    44|91.7%  12|    -    0
libraries/BytesLib.sol                         | 8.0%    50| 7.1%  14|    -    0
libraries/EIP1271SignatureUtils.sol            | 100%     3| 100%   1|    -    0
libraries/Endian.sol                           | 100%     3| 100%   1|    -    0
libraries/Merkle.sol                           | 100%    30| 100%   5|    -    0
libraries/StructuredLinkedList.sol             | 0.0%    45| 0.0%  19|    -    0
permissions/Pausable.sol                       |95.7%    23|90.9%  11|    -    0
permissions/PauserRegistry.sol                 | 100%    12| 100%   6|    -    0
pods/DelayedWithdrawalRouter.sol               |93.2%    59|85.7%  14|    -    0
pods/EigenPod.sol                              | 100%   150| 100%  33|    -    0
pods/EigenPodManager.sol                       |98.8%    84|89.5%  19|    -    0
pods/EigenPodManagerStorage.sol                | 0.0%     5| 0.0%   1|    -    0
strategies/EigenStrategy.sol                   | 0.0%    10| 0.0%   5|    -    0
strategies/StrategyBase.sol                    |89.7%    39|77.8%  18|    -    0
strategies/StrategyBaseTVLLimits.sol           | 100%    12|83.3%   6|    -    0
token/BackingEigen.sol                         |72.0%    25|50.0%  10|    -    0
token/Eigen.sol                                |38.5%    39|50.0%  12|    -    0
utils/UpgradeableSignatureCheckingUtils.sol    | 0.0%     6| 0.0%   4|    -    0
================================================================================
                                       Total:|82.0%  1069|73.7% 297|    -    0

ChaoticWalrus
ChaoticWalrus reviewed Jun 25, 2024
View reviewed changes
certora/specs/core/RewardsCoordinator.spec
Comment on lines +116 to +120
{
IRewardsCoordinator.RewardsSubmission[] rewardsSubmission1;
IRewardsCoordinator.RewardsSubmission[] rewardsSubmission2;
IRewardsCoordinator.RewardsSubmission[] rewardsSubmissions;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this rule is checking batch equivalency, right?

@github-actions GitHub Actions
Copy link 

Reading tracefile ./lcov.info.pruned
                                             |Lines      |Functions|Branches  
Filename                                       |Rate    Num|Rate  Num|Rate   Num
================================================================================
[src/contracts/]
core/AVSDirectory.sol                          |77.8%    27|77.8%   9|    -    0
core/DelegationManager.sol                     |96.5%   198|92.3%  39|    -    0
core/RewardsCoordinator.sol                    |90.8%   119|81.2%  32|    -    0
core/StrategyManager.sol                       |95.2%    83|95.8%  24|    -    0
libraries/BeaconChainProofs.sol                | 100%    22| 100%  11|    -    0
libraries/BytesLib.sol                         | 0.0%   156| 0.0%  14|    -    0
libraries/EIP1271SignatureUtils.sol            | 100%     3| 100%   1|    -    0
libraries/Endian.sol                           | 100%     2| 100%   1|    -    0
libraries/Merkle.sol                           | 100%    38| 100%   5|    -    0
libraries/StructuredLinkedList.sol             | 0.0%    45| 0.0%  19|    -    0
permissions/Pausable.sol                       |95.7%    23|90.9%  11|    -    0
permissions/PauserRegistry.sol                 | 100%    12| 100%   6|    -    0
pods/EigenPod.sol                              | 100%   122|96.2%  26|    -    0
pods/EigenPodManager.sol                       |98.7%    75|85.7%  14|    -    0
strategies/EigenStrategy.sol                   | 0.0%    10| 0.0%   5|    -    0
strategies/StrategyBase.sol                    |90.9%    44|78.9%  19|    -    0
strategies/StrategyBaseTVLLimits.sol           | 100%    12|83.3%   6|    -    0
strategies/StrategyFactory.sol                 |94.3%    35|88.9%   9|    -    0
token/BackingEigen.sol                         |72.0%    25|50.0%  10|    -    0
token/Eigen.sol                                |38.5%    39|50.0%  12|    -    0
utils/UpgradeableSignatureCheckingUtils.sol    | 0.0%     6| 0.0%   4|    -    0
================================================================================
                                       Total:|74.1%  1096|72.9% 277|    -    0

@gpsanant
Copy link
Contributor

can we close or merge this? @8sunyuan

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@teryanarmen teryanarmen teryanarmen left review comments

@ChaoticWalrus ChaoticWalrus ChaoticWalrus approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@8sunyuan @gpsanant @teryanarmen @ChaoticWalrus