mirror of https://github.com/logos-co/staking.git
chore(StakeManager.spec): add MPCantBeGreaterThanMaxMP invariant
This commit introduces an invariant that ensures the generated multiplier points can never be greater than the max boost multiplier points. See discussion in #80. Closes #80.
This commit is contained in:
parent
4f590049d4
commit
8afa4f3ac9
|
@ -7,15 +7,13 @@ methods {
|
||||||
function _.migrateFrom(address, bool, StakeManager.Account) external => NONDET;
|
function _.migrateFrom(address, bool, StakeManager.Account) external => NONDET;
|
||||||
function _.increaseMPFromMigration(uint256) external => NONDET;
|
function _.increaseMPFromMigration(uint256) external => NONDET;
|
||||||
function _.migrationInitialize(uint256,uint256,uint256,uint256) external => NONDET;
|
function _.migrationInitialize(uint256,uint256,uint256,uint256) external => NONDET;
|
||||||
|
|
||||||
function accounts(address) external returns(address, uint256, uint256, uint256, uint256, uint256, uint256) envfree;
|
function accounts(address) external returns(address, uint256, uint256, uint256, uint256, uint256, uint256) envfree;
|
||||||
|
function Math.mulDiv(uint256 a, uint256 b, uint256 c) internal returns uint256 => mulDivSummary(a,b,c);
|
||||||
}
|
}
|
||||||
|
|
||||||
function getAccountMultiplierPoints(address addr) returns uint256 {
|
function mulDivSummary(uint256 a, uint256 b, uint256 c) returns uint256 {
|
||||||
uint256 multiplierPoints;
|
require c != 0;
|
||||||
_, _, _, multiplierPoints, _, _, _ = accounts(addr);
|
return require_uint256(a*b/c);
|
||||||
|
|
||||||
return multiplierPoints;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function getAccountBalance(address addr) returns uint256 {
|
function getAccountBalance(address addr) returns uint256 {
|
||||||
|
@ -25,6 +23,20 @@ function getAccountBalance(address addr) returns uint256 {
|
||||||
return balance;
|
return balance;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function getAccountInitialMultiplierPoints(address addr) returns uint256 {
|
||||||
|
uint256 initialMP;
|
||||||
|
_, _, initialMP, _, _, _, _ = accounts(addr);
|
||||||
|
|
||||||
|
return initialMP;
|
||||||
|
}
|
||||||
|
|
||||||
|
function getAccountCurrentMultiplierPoints(address addr) returns uint256 {
|
||||||
|
uint256 currentMP;
|
||||||
|
_, _, _, currentMP, _, _, _ = accounts(addr);
|
||||||
|
|
||||||
|
return currentMP;
|
||||||
|
}
|
||||||
|
|
||||||
function isMigrationfunction(method f) returns bool {
|
function isMigrationfunction(method f) returns bool {
|
||||||
return
|
return
|
||||||
f.selector == sig:migrateTo(bool).selector ||
|
f.selector == sig:migrateTo(bool).selector ||
|
||||||
|
@ -101,6 +113,17 @@ invariant highEpochsAreNull(uint256 epochNumber)
|
||||||
m -> !requiresPreviousManager(m) && !requiresNextManager(m)
|
m -> !requiresPreviousManager(m) && !requiresNextManager(m)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
invariant MPcantBeGreaterThanMaxMP(address addr)
|
||||||
|
to_mathint(getAccountCurrentMultiplierPoints(addr)) <= (getAccountBalance(addr) * 8) + getAccountInitialMultiplierPoints(addr)
|
||||||
|
filtered {
|
||||||
|
f -> f.selector != sig:migrateFrom(address,bool,StakeManager.Account).selector
|
||||||
|
}
|
||||||
|
{ preserved {
|
||||||
|
require getAccountInitialMultiplierPoints(addr) >= getAccountBalance(addr);
|
||||||
|
require getAccountCurrentMultiplierPoints(addr) >= getAccountInitialMultiplierPoints(addr);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
rule reachability(method f)
|
rule reachability(method f)
|
||||||
{
|
{
|
||||||
calldataarg args;
|
calldataarg args;
|
||||||
|
|
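Review bot: The two `require` statements in the `preserved` block of `MPcantBeGreaterThanMaxMP` (third hunk, @ -101,6 +113,17) are unproven assumptions, so the prover only checks the bound on pre-states where `initialMP >= balance` and `currentMP >= initialMP` already hold; if either relation is not itself an established invariant, a transition that breaks the bound from a state outside those constraints goes unreported. Each relation should be stated as its own invariant and pulled in with `requireInvariant`, or at minimum the block should carry a comment such as `// preserved: both relations are assumed, not proven here; replace with requireInvariant once each has its own invariant`. The `8` on the `getAccountBalance(addr) * 8` line is a magic number disconnected from the contract's own constant, so a named `definition` (for instance `definition MAX_MP_MULTIPLIER() returns mathint = 8;`, name chosen here for illustration) would keep the spec from silently diverging if the contract value changes. The `filtered` clause that excludes `migrateFrom` also deserves a one-line comment stating that the bound is deliberately not verified across migration and why, since a reader otherwise cannot tell whether the exclusion is a known gap or an oversight.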