Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Colin@verif/setup #19

Merged
merged 37 commits into from
Sep 30, 2024
Merged
Show file tree
Hide file tree
Changes from 35 commits
Commits
Show all changes
37 commits
Select commit Hold shift + click to select a range
9bb8b16
chore: ignore emacs
colin-morpho Sep 19, 2024
9c5083a
feat: trivial setup for certora prover
colin-morpho Sep 19, 2024
57bdba7
feat: setup certora in ci
colin-morpho Sep 19, 2024
a29c6b1
chore: add verification README
colin-morpho Sep 19, 2024
7363a86
feat: rentrancy-safety spec
colin-morpho Sep 19, 2024
390891c
chore: ignore verification related munged files
colin-morpho Sep 19, 2024
eb30d6a
chore: provide reentrancy safety documentation
colin-morpho Sep 19, 2024
1603b4c
feat: strenghten reentrancy specification
colin-morpho Sep 19, 2024
e666d77
feat:verif immutability
colin-morpho Sep 23, 2024
5c60ef2
fix: remove MB link
colin-morpho Sep 23, 2024
0ea070a
fix: MorphoBlue -> Morpho
colin-morpho Sep 23, 2024
7813f88
fix: remove munging
colin-morpho Sep 23, 2024
1e77059
fix: add sload hook
colin-morpho Sep 23, 2024
9525aa5
fix: add /nl in gitignore
colin-morpho Sep 23, 2024
d0f2c10
fix: imrpove description of reentrancy verification
colin-morpho Sep 23, 2024
d389ee0
fix: fix description of reentrancy verification
colin-morpho Sep 23, 2024
83988c4
chore: remove certora/munged from gitignore
colin-morpho Sep 23, 2024
e3e54e5
fix: apply suggestion to README
colin-morpho Sep 23, 2024
9aa7aea
fix: remove natspec from harness
colin-morpho Sep 23, 2024
c8742e3
fix: reentrant -> reentrancy safe
colin-morpho Sep 23, 2024
41e374f
Merge branch 'colin@verif/setup' into colin@verif/reentrancy-safety
colin-morpho Sep 23, 2024
9cb3ee3
fix: remove munging instruction
colin-morpho Sep 23, 2024
c6e9d1c
Merge branch 'colin@verif/setup' into colin@verif/reentrancy-safety
colin-morpho Sep 23, 2024
1915cf5
Merge branch 'colin@verif/reentrancy-safety' into colin@verif/immutab…
colin-morpho Sep 23, 2024
6a913b1
chore: update verif's README
colin-morpho Sep 23, 2024
a6b961d
Merge pull request #15 from morpho-org/colin@verif/reentrancy-safety
QGarchery Sep 23, 2024
e3e2d20
Merge branch 'colin@verif/setup' into colin@verif/immutability
colin-morpho Sep 23, 2024
d079c5c
fix: improve description in README
colin-morpho Sep 23, 2024
8d83c5f
Merge branch 'feat/licence' into colin@verif/setup
colin-morpho Sep 23, 2024
cfa7091
fix: update PreLiquidationHarness contract interface
colin-morpho Sep 23, 2024
39fca0d
Merge branch 'colin@verif/setup' into colin@verif/immutability
colin-morpho Sep 23, 2024
25eca60
fix: update immutability conf
colin-morpho Sep 23, 2024
f17e468
fix: readability + simplify certora conf
colin-morpho Sep 24, 2024
00d8de9
Merge pull request #25 from morpho-org/colin@verif/immutability
colin-morpho Sep 24, 2024
fbc1e45
Merge branch 'main' into colin@verif/setup
colin-morpho Sep 27, 2024
d88bf7e
fix: implement quentin's suggestions
colin-morpho Sep 29, 2024
7463846
chore:remove pre-liquidation harness
colin-morpho Sep 27, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
50 changes: 50 additions & 0 deletions .github/workflows/certora.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
name: Certora

on:
push:
branches:
- main
pull_request:
workflow_dispatch:

jobs:
verify:
runs-on: ubuntu-latest

strategy:
fail-fast: false

matrix:
conf:
- Immutability
- Reentrancy

steps:
- uses: actions/checkout@v4
with:
submodules: recursive

- name: Install python
uses: actions/setup-python@v5
with:
python-version: ">=3.11"

- name: Install certora
run: pip install certora-cli

- name: Install solc (0.8.19)
run: |
wget https://github.com/ethereum/solidity/releases/download/v0.8.19/solc-static-linux
chmod +x solc-static-linux
sudo mv solc-static-linux /usr/local/bin/solc-0.8.19

- name: Install solc (0.8.27)
run: |
wget https://github.com/ethereum/solidity/releases/download/v0.8.27/solc-static-linux
chmod +x solc-static-linux
sudo mv solc-static-linux /usr/local/bin/solc-0.8.27

- name: Verify ${{ matrix.conf }} specification
run: certoraRun certora/confs/${{ matrix.conf }}.conf
env:
CERTORAKEY: ${{ secrets.CERTORAKEY }}
6 changes: 6 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -12,3 +12,9 @@ docs/

# Dotenv file
.env

# Emacs
*~
MathisGD marked this conversation as resolved.
Show resolved Hide resolved

# Certora
.certora_internal
74 changes: 74 additions & 0 deletions certora/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
# Pre-liquidation Contract Formal Verification

This folder contains the
[CVL](https://docs.certora.com/en/latest/docs/cvl/index.html)
specification and verification setup for the
[pre-liquidation](../src/PreLiquidation.sol) contract using the
[Certora Prover](https://www.certora.com/).

## Getting Started

This project depends on two different versions of
[Solidity](https://soliditylang.org/) which are required for running
the verification. The compiler binaries should be available under the
following path names:

- `solc-0.8.19` for the solidity compiler version `0.8.19`, which is
used for `Morpho`;
- `solc-0.8.27` for the solidity compiler version `0.8.27`, which is
used for `PreLiquidation`.

### Installing the Certora Prover

The Certora CLI can be installed by running `python3 -m pip3 install
certora-cli`. Detailed installation instructions can be found on
Certora's official
[documentation](https://docs.certora.com/en/latest/docs/user-guide/install.html).
MathisGD marked this conversation as resolved.
Show resolved Hide resolved

To verifying a specification, run the command `certoraRun Spec.conf`
where `Spec.conf` is the configuration file of the matching CVL
specification. Configuration files are available in
[`certora/conf`](./confs). Please ensure that `CERTORA_KEY` is set up
QGarchery marked this conversation as resolved.
Show resolved Hide resolved
in your environment.

## Overview

The PreLiquidation contract enables Morpho Blue borrowers to set up a
safer liquidation plan on a given position, thus preventing undesired
liquidations.
MathisGD marked this conversation as resolved.
Show resolved Hide resolved

### Reentrancy

This is checked in [`Reentrancy.spec`](specs/Reentrancy.spec).

### Immutability

This is checked in [`Immutability.spec`](specs/Immutability.spec).

## Verification architecture

### Folders and file structure

The [`certora/specs`](specs) folder contains the following files:

- [`Reentrancy.spec`](specs/Reentrancy.spec) checks that
PreLiquidation is reentrancy safe by checking that the storage is never
used.

- [`Immutability.spec`](specs/Immutability.spec) checks that
PreLiquidation contract is immutable because it doesn't perform any
delegate call.

The [`certora/confs`](confs) folder contains a configuration file for
each corresponding specification file.

The [`certora/helpers`](helpers) folder contains helper contracts that
enable the verification of PreLiquidation. Notably, this allows
handling the fact that library functions should be called from a
contract to be verified independently, and it allows defining needed
getters.

## TODO

- [ ] Provide an overview of the specification.
- [ ] Update the verification architecture.
16 changes: 16 additions & 0 deletions certora/confs/Immutability.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
{
"files": [
"certora/helpers/PreLiquidationHarness.sol",
],
"solc": "solc-0.8.27",
"solc_via_ir" : true,
"verify": "PreLiquidationHarness:certora/specs/Immutability.spec",
"prover_args": [
"-depth 3",
"-mediumTimeout 20",
"-timeout 120",
],
"rule_sanity": "basic",
"server": "production",
"msg": "PreLiquidation Immutability",
}
17 changes: 17 additions & 0 deletions certora/confs/Reentrancy.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
{
"files": [
"certora/helpers/PreLiquidationHarness.sol",
],
"solc": "solc-0.8.27",
"solc_via_ir" : true,
"verify": "PreLiquidationHarness:certora/specs/Reentrancy.spec",
"prover_args": [
"-enableStorageSplitting false",
QGarchery marked this conversation as resolved.
Show resolved Hide resolved
"-depth 3",
"-mediumTimeout 20",
"-timeout 120",
],
"rule_sanity": "basic",
"server": "production",
"msg": "PreLiquidation Reentrancy",
}
18 changes: 18 additions & 0 deletions certora/helpers/PreLiquidationHarness.sol
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
// SPDX-License-Identifier: GPL-2.0-or-later
pragma solidity 0.8.27;

import {PreLiquidation, Id, Market, Position, PreLiquidationParams} from "../../src/PreLiquidation.sol";

contract PreLiquidationHarness is PreLiquidation {
constructor(Id id, PreLiquidationParams memory _preLiquidationParams, address morpho)
PreLiquidation(id, _preLiquidationParams, morpho)
{}

function _isPreLiquidatable_(uint256 collateralPrice, Position memory position, Market memory market)
external
view
returns (bool)
{
return _isPreLiquidatable(collateralPrice, position, market);
}
}
15 changes: 15 additions & 0 deletions certora/specs/Immutability.spec
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
// SPDX-License-Identifier: GPL-2.0-or-later

persistent ghost bool delegateCall;

hook DELEGATECALL(uint g, address addr, uint argsOffset, uint argsLength, uint retOffset, uint retLength) uint rc {
delegateCall = true;
}

// Check that the contract is truly immutable.
rule noDelegateCalls(method f, env e, calldataarg data) {
// Set up the initial state.
require !delegateCall;
f(e,data);
assert !delegateCall;
}
21 changes: 21 additions & 0 deletions certora/specs/Reentrancy.spec
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
// SPDX-License-Identifier: GPL-2.0-or-later
// True when storage has been accessed with either a SSTORE or a
// SLOAD.

QGarchery marked this conversation as resolved.
Show resolved Hide resolved
persistent ghost bool hasAccessedStorage;

hook ALL_SSTORE(uint loc, uint v) {
hasAccessedStorage = true;
}

hook ALL_SLOAD(uint loc) uint v {
hasAccessedStorage = true;
}

// Check that no function is accessing storage.
rule reentrancySafe(method f, env e, calldataarg data) {
// Set up the initial state.
require !hasAccessedStorage;
f(e,data);
assert !hasAccessedStorage;
}
Loading