Commit Graph

439 Commits

Author SHA1 Message Date
Adam Uhlíř 4aacb6f485
feat: repair reward 2024-10-11 09:14:00 +02:00
Slava 997696a20e
Add codex_testnet deployment artifacts (#190) 2024-10-08 14:27:06 +02:00
Adam Uhlíř 7e6187d4b1
feat: hosts payed by actual time hosting a slot (#160)
Co-authored-by: Eric <5089238+emizzle@users.noreply.github.com>
Co-authored-by: r4bbit <445106+0x-r4bbit@users.noreply.github.com>
2024-10-08 09:38:19 +02:00
Eric f5a54c7ed4
feat(slot-reservations): require slots to be reserved before filling slot (#185)
* Require slots to be reserved before filling slot

* Add test that checks filling slot fails without reservation
2024-10-08 15:55:17 +11:00
Eric 807fc973c8
feat(slot-reservations): Add `SlotReservationsFull` event (#183)
`SlotReservationsFull` event is emitted once a slot has reached its capacity for slot reservations (3 reservations at this time).

`SlotReservationsFull` event emists `requestId` and `slotIndex`.
2024-10-04 13:28:39 +10:00
Eric 33010bd20c
feat(slot-reservations): Allow slots to be reserved (#177)
* feat(slot-reservations): Allow slots to be reserved

Closes #175.

Allows reservation of slots, without an implementation of the expanding window.

- Add a function called `reserveSlot(address, SlotId)`, that allows three unique addresses per slot to be reserved, that returns bool if successful.
       - Use `mapping(SlotId => EnumerableSet.AddressSet)`
       - Return false if the address could not be added to the set (if `EnumerableSet.add` returns false)
- Add `canReserveSlot(address, SlotId)`
        - Return `true` if set of reservations is less than 3 and the set doesn't already contain the address
        - Return `true` otherwise (for now, later add in logic for checking the address is inside the expanding window)
        - Call `canReserveSlot` from `reserveSlot` as a `require` or invariant
- Add `SlotReservations` configuration struct to the network-level config, with `maxReservations`
2024-10-03 11:01:21 +10:00
Andrea Franz 3a074abd20 chore(certora): verify possible slot state transitions 2024-09-30 12:53:06 +02:00
Slava a5aa19453e
Add codex_testnet deployment artifacts (#181)
https://github.com/codex-storage/infra-codex/issues/223
2024-09-24 13:31:07 +03:00
Slava 9722753e54
Update circuit files for codex_testnet (#180) 2024-09-23 18:30:02 +03:00
Ben Bierens 558bf645c3
Updates circuit file hash (#178)
* wasm and r1cs files appear to be unchanged

* Updates example proof
2024-09-20 11:08:23 +02:00
r4bbit bba8736132 refactor(certora): use ghost variables for `requestContext` and `slots`
Instead of having additional harness code in `MarketplaceHarness` to
access fields in `requestContext` and `slots` objects, this introduces
dedicated ghost variables that keep track of the field changes and let
us read the values from there.

Prover run: https://prover.certora.com/output/6199/8343693dfc3f4ca38435f5aa10fa2345?anonymousKey=db5eaee6c688651132d1671919fb73544affa269

Closes #165
2024-08-28 10:51:42 +02:00
r4bbit 38caabeee3 fix(certora): remove incorrect requirment in
`paidSlotAlwaysHasCancelledOrFinishedRequest`

The mentioned invariant uses a `preserved` block with a `require
SlotState == Paid`, which essentially excludes all cases where
`SlotState != Paid`.

This was incorrectly applied. Removing that requirement causes the
prover to find a counter example where it starts with `RequestState == Started`
and `SlotState == Cancelled`.

This ultimately results in `SlotState == PAID` while `RequestState`
stays `Started`.

Counter example link: https://prover.certora.com/output/6199/a38c9bd665d544dabcffd07335c05420?anonymousKey=119a850a4d1d65ccbe8f95298615592835801d2b

A slot that is `Cancelled` however, can never belong to a request that
is `Started`. So requiring the invariant that
`cancelledSlotAlwaysHasCancelledRequest` fixes this and the rule is
passing.

Passing rule: https://prover.certora.com/output/6199/d0e165ed5d594f9fb477602af06cfeb1?anonymousKey=01ffaad46027786c38d78e5a41c03ce002032200

Closes #164
2024-08-28 07:56:32 +02:00
r4bbit cc0b2732ad fix(Marketplace): ensure requests include ask with sufficient slots
There is a missing check in `requestStorage()` on whether the `Request`
contains an `Ask` where its `slots` is `> 0`.

This allows for making storage request without slots. Not harmful but
not a valid state of the system either.

This commit adds that check and a test with batteries included.
2024-08-27 17:14:52 +02:00
r4bbit 6d319c76b9 fix(certora): make vacuous rule pass
The rule `slotIsFailedOrFreeIfRequestHasFailed` currently has violations
as it is vacuous for some functions in the `Marketplace` contract.

The rule being vacuous means that the function on which the rule is
tested either doesn't have a case where the required conditions work (it
reverts), or, in this case, where any given function doesn't have a case
where it reaches the required state change.

There's various functions where this applies because the rule requires
that the request being tested is first any state that is `!= Failed`,
then for any function `f`, when `f` is executed, the required state of
the request is `Failed`.

Prover run that confirms this: https://prover.certora.com/output/6199/82ed96aac5014cb9a7485fc3752fb399?anonymousKey=28c97adbbe14ead331dc8e4b8ed05e94528075a3

There's two options to go about this:

1. Either filter out all functions from the rule where the rule is
   vacuous (this is dangerous because we'd exclude those functions
   entirely from the rule)
2. Or, rewrite the rule such that the requirements are relaxed

This commit implements option 2.
Instead of requiring that the starting request state has to be `!=
Failed`, we simply assert that **if** it **was** not `Failed` and then
**is** `Failed`, the corresponding slot is either failed or free.

Prover run that passes: https://prover.certora.com/output/6199/16fa074bd23146e59c21964c98bbb3e0?anonymousKey=229d721cf35873bed5eae67696eed803ce75fd18
2024-08-27 15:08:52 +02:00
r4bbit 50e90b6816 chore(CI): update certora-cli to 7.10.2
This should fix the bug of certora-cli not properly completing with non
zero exit codes on errors, which ultimately results in CI tasks to give
false positives.
2024-08-27 15:08:52 +02:00
r4bbit 3a6249e886 fix(certora): make rule for allowed request state changes work again 2024-08-23 14:01:43 +02:00
r4bbit 7dc26ccc47 chore(certora): add rule that cancelled requests stay cancelled and finished requests stay finished 2024-08-23 14:01:43 +02:00
r4bbit 09ca8481fb fix(certora): fix rule that describes allowed request state changes
This broke due to a newly introduced signature for `fillSlot()`
2024-08-23 14:01:43 +02:00
r4bbit faeb808d41 fix(certora): fix invariant that requests are started when slots filled 2024-08-23 14:01:43 +02:00
r4bbit 7c542e72b6 chore(certora); add rule to verify slot is failed or free when request
has failed
2024-08-23 14:01:43 +02:00
r4bbit 7dc5566cd9 chore(certora): add invariant that cancelled slots always belong to cancelled requests 2024-08-23 14:01:43 +02:00
r4bbit 0acb522fe7 chore(certora): add invariant that paid slots always have a finished or cancelled request 2024-08-23 14:01:43 +02:00
r4bbit a1229b5af3 chore(certora): introduce invariant that finished slots always belong to finished requests 2024-08-23 14:01:43 +02:00
r4bbit 5b5a3c9e2e chore(certora): introduce invariant that failed requests are always ended 2024-08-23 14:01:43 +02:00
r4bbit 7ce7a5dda0 chore(certora): add invariant that cancelled requests are always expired 2024-08-23 14:01:43 +02:00
r4bbit ebdf9ed366 fix(certora): fix rule that missed slots == number of issed periods 2024-08-23 14:01:43 +02:00
Andrea Franz 92ab1e50dd chore(certora): set MarketplaceHarness as parametric_contract config value 2024-08-19 14:07:05 +02:00
Eric 73a2ca0bd3
feat: adds an optional `payoutAddress` to allow payouts to be paid to separate address (#144)
* initial commit for splitting payouts

Collateral goes to slot's host address, while reward payouts go to the slot's host payoutAddress

* Add fillSlot overload to make payoutAddress "optional"

* add tests for payoutAddress

* add doc to patchFillSlotOverloads

* formatting

* remove optional payoutAddress parameter

* Move payoutAddress to freeSlot

- remove payoutAddress parameter from `fillSlot`
- remove `payoutAddress` from slot struct and storage
- add payoutAddress parameter to `freeSlot`, preventing the need for storage

* formatting

* update certora spec to match updated function signature

* Add withdrawAddress to withdrawFunds

- prevent erc20 msg.sender blacklisting

* Update tests for paying out to withdrawAddress

* formatting

* Add collateralRecipient

* refactor: change withdrawFunds and freeSlot overloads

- `withdrawFunds` now has an option withdrawRecipient parameter
- `freeSlot` now has two optional parameters: rewardRecipient, and collateralRecipient. Both or none must be specified.

* update certora spec for new sigs
2024-08-19 17:09:48 +10:00
Andrea Franz 29f39d52c7
chore(certora): slot's missed periods count should be equal to the count of slot's missing periods set to true (#155) 2024-08-15 12:51:14 +02:00
r4bbit a27da9738a chore(certora): verify SlotState and RequestState changes count
This adds a rule to formally verify that the `SlotState` and
`RequestState` of any given `Slot` or `Request` does not change more
than once per function call.

Closes #129
2024-08-14 11:10:16 +02:00
Eric ed428767b3
chore: add `downtimeProduct` configuration parameter (#138)
* add `downtimeProduct` configuration parameter

* formatting
2024-08-14 15:50:32 +10:00
r4bbit 1d36256230 chore(certora): add invariant that proofs cant be missing when in period
This invariant verifies that any given proof cannot be marked as missing
if the slot period has not passed yet.
2024-08-13 09:39:29 +02:00
r4bbit e04f8ae909 chore(certora): add invariant that totalSupply is sumOfBalances
This invariant ensures that the total supply of the used token in the
contract is always greater equal to the sum of all balances within the
token combined.
2024-08-12 15:55:45 +02:00
r4bbit 2e3f775a0d chore: formally verify request state changes
This commit adds CVL rule that formally verifies the state changes of
any given request in relation to the functions of the contract that can
cause them.

Closes #128
2024-08-12 15:26:59 +02:00
Adam Uhlíř fe8da1013d
docs: proofs comments (#118)
Co-authored-by: Eric <5089238+emizzle@users.noreply.github.com>
Co-authored-by: markspanbroek <mark@spanbroek.net>
2024-08-08 09:35:35 +00:00
Slava 74b1a9efb7
Add codex_testnet deployment artifacts (#145)
https://github.com/codex-storage/infra-codex/issues/186
2024-08-07 18:58:31 +03:00
r4bbit 0f596e639a chore(ci): update certora-cli version in CI tasks
This updates `certora-cli` to the latest version (at the time of the
commit, this was 7.10.1).
2024-08-06 11:01:24 +02:00
Slava bbd57ab876
Add Codex Devnet and Testnet networks (#135)
* Add Codex Devnet and Testnet networks (#112)

* Add circuit assets for Codex Devnet and Testnet (#112)
2024-08-06 08:37:40 +03:00
r4bbit e62ebf6b0e
fix: ensure requestStorage() reverts if maxSlotloss > slots (#140) 2024-08-05 10:58:51 +02:00
Slava 8b3761c1a7
ci: add ci job concurrency (#136)
* ci: add ci job concurrency

* ci: update actions to the latest major versions
2024-08-01 07:51:52 +03:00
r4bbit 688a8ed929
Set up certora and implement first rules (#122)
Co-authored-by: 0xb337r007 <0xe4e5@proton.me>
Co-authored-by: Adam Uhlíř <adam@uhlir.dev>
2024-07-24 18:50:18 +02:00
Giuliano Mega 7ad26688a3
update circuit assets to latest version for hardhat and dist test net (#121) 2024-07-17 16:39:15 -03:00
Slava 924d192de1
ci: update actions to the latest major versions (#120) 2024-06-14 13:53:18 +02:00
Adam Uhlíř 57e8cd5013
feat: expiry specified as duration (#99) 2024-05-06 15:13:32 +02:00
Jaremy Creechley 4d9320a582
Update .tool-versions (#94) 2024-03-20 13:09:32 +00:00
Ben Bierens a58427e496
Updates dist-test circuit (#96)
* Updates dist-test circuit

* Removes unused example-proofs for dist-tests
2024-03-18 13:33:28 +01:00
Mark Spanbroek 8ecc5bfc66 readme: update todo list, we have actual proofs 2024-03-13 15:28:49 +01:00
Mark Spanbroek 53999c74d3 Provide all gas to precompiles
Rationale: subtracting 2000 from the provided gas seems
arbitrary, and doesn't provide any benefits. Whether
verify() fails with an out-of-gas error, or returns
'false', in both cases the proof is not verified.

Co-Authored-By: Balazs Komuves <bkomuves@gmail.com>
2024-03-13 15:25:59 +01:00
Mark Spanbroek 84eba26f76 Document that group elements are checked by precompiles
Co-Authored-By: Balazs Komuves <bkomuves@gmail.com>
2024-03-13 15:25:59 +01:00
Mark Spanbroek c55b34fc76 uint -> uint256
Co-Authored-By: Balazs Komuves <bkomuves@gmail.com>
2024-03-13 15:25:59 +01:00