staking/certora/specs/MaxMPRule.spec

import "./shared.spec";

methods {
  function startTime() external returns (uint256) envfree;
  function currentEpoch() external returns (uint256) envfree;
}

function simplifyEpochProcessing(env e){
  require e.block.timestamp == _stakeManager.startTime();
  require _stakeManager.currentEpoch() == 0;
}

/* TODO: very usage of CONSTANT with Math.mulDiv or simplify mulDiv somehow, and replace simplifyEpochProcessing with reduceEpochProcessing

function reduceEpochProcessing(env e, uint256 maxEpochs) {
  require e.block.timestamp >= _stakeManager.startTime();
  uint256 currentEpoch = _stakeManager.currentEpoch();
  uint256 newEpoch = _stakeManager.newEpoch(e);
  require currentEpoch <= newEpoch;
  require currentEpoch - newEpoch <= maxEpochs;
}

function reduceAccountProcessing(env e, address addr, uint256 maxEpochs) {
  uint256 currentEpoch = _stakeManager.currentEpoch();
  uint256 accountEpoch = getAccountEpoch(addr);
  require accountEpoch <= currentEpoch;
  require accountEpoch >= currentEpoch - maxEpochs;
}
*/

invariant MPcantBeGreaterThanMaxMP(address addr)
  to_mathint(getAccountCurrentMultiplierPoints(addr)) <= to_mathint(getAccountMaxMultiplierPoints(addr))
  filtered {
    f -> f.selector != sig:migrateFrom(address,bool,StakeManager.Account).selector
  }
  { preserved with (env e) {
      simplifyEpochProcessing(e);
      /*reduceEpochProcessing(e, 3);
      reduceAccountProcessing(e, addr, 3);*/
      requireInvariant MaxMPIsNeverSmallerThanBalance(addr);
      requireInvariant CurrentMPIsNeverSmallerThanBalance(addr);
    }
  }
refactor(certora): move rule about MP not greater than max MP into own spec This is necessary because we need to run this rule on a custom config to avoid timeouts. 2024-10-08 10:19:43 +02:00			`import "./shared.spec";`

			`methods {`
fix(certora/specs): Make rules work again 2024-11-15 02:22:56 -03:00			`function startTime() external returns (uint256) envfree;`
			`function currentEpoch() external returns (uint256) envfree;`
refactor(certora): move rule about MP not greater than max MP into own spec This is necessary because we need to run this rule on a custom config to avoid timeouts. 2024-10-08 10:19:43 +02:00			`}`

fix(certora/specs): Make rules work again 2024-11-15 02:22:56 -03:00			`function simplifyEpochProcessing(env e){`
			`require e.block.timestamp == _stakeManager.startTime();`
			`require _stakeManager.currentEpoch() == 0;`
			`}`

			`/* TODO: very usage of CONSTANT with Math.mulDiv or simplify mulDiv somehow, and replace simplifyEpochProcessing with reduceEpochProcessing`

			`function reduceEpochProcessing(env e, uint256 maxEpochs) {`
			`require e.block.timestamp >= _stakeManager.startTime();`
			`uint256 currentEpoch = _stakeManager.currentEpoch();`
			`uint256 newEpoch = _stakeManager.newEpoch(e);`
			`require currentEpoch <= newEpoch;`
			`require currentEpoch - newEpoch <= maxEpochs;`
			`}`

			`function reduceAccountProcessing(env e, address addr, uint256 maxEpochs) {`
			`uint256 currentEpoch = _stakeManager.currentEpoch();`
			`uint256 accountEpoch = getAccountEpoch(addr);`
			`require accountEpoch <= currentEpoch;`
			`require accountEpoch >= currentEpoch - maxEpochs;`
			`}`
			`*/`

refactor(certora): move rule about MP not greater than max MP into own spec This is necessary because we need to run this rule on a custom config to avoid timeouts. 2024-10-08 10:19:43 +02:00			`invariant MPcantBeGreaterThanMaxMP(address addr)`
chore(cerotra/spec): fix rules 2024-11-13 16:46:30 -03:00			`to_mathint(getAccountCurrentMultiplierPoints(addr)) <= to_mathint(getAccountMaxMultiplierPoints(addr))`
refactor(certora): move rule about MP not greater than max MP into own spec This is necessary because we need to run this rule on a custom config to avoid timeouts. 2024-10-08 10:19:43 +02:00			`filtered {`
			`f -> f.selector != sig:migrateFrom(address,bool,StakeManager.Account).selector`
			`}`
fix(certora/specs): Make rules work again 2024-11-15 02:22:56 -03:00			`{ preserved with (env e) {`
			`simplifyEpochProcessing(e);`
			`/*reduceEpochProcessing(e, 3);`
			`reduceAccountProcessing(e, addr, 3);*/`
chore(cerotra/spec): fix rules 2024-11-13 16:46:30 -03:00			`requireInvariant MaxMPIsNeverSmallerThanBalance(addr);`
			`requireInvariant CurrentMPIsNeverSmallerThanBalance(addr);`
refactor(certora): move rule about MP not greater than max MP into own spec This is necessary because we need to run this rule on a custom config to avoid timeouts. 2024-10-08 10:19:43 +02:00			`}`
			`}`