Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Certora] Mutations #564

Merged
merged 34 commits into from
Nov 27, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
34 commits
Select commit Hold shift + click to select a range
8106624
feat: add gambit initial configuration
QGarchery Nov 21, 2023
d5c7303
fix: remove breaking solc version
QGarchery Oct 31, 2023
766667f
test: mutant 2
QGarchery Nov 22, 2023
744d0ff
test: mutant 3
QGarchery Nov 22, 2023
e445aaf
test: mutant 6
QGarchery Nov 22, 2023
9eba54d
test: mutant 10
QGarchery Nov 22, 2023
d21a86f
test: mutant 13
QGarchery Nov 22, 2023
de3147c
feat: respecting non-zero input
QGarchery Nov 23, 2023
0ef14b5
Revert "test: mutant 2"
QGarchery Nov 23, 2023
57a648a
Merge pull request #617 from morpho-org/certora/mutant-2
QGarchery Nov 23, 2023
957d61c
feat: test liquidity in liveness
QGarchery Nov 23, 2023
04f0c4b
refactor: improving mutant to get significant result
QGarchery Nov 23, 2023
c4306f1
feat: accrue interest input validation
QGarchery Nov 23, 2023
c25947a
revert: test mutant 13
QGarchery Nov 23, 2023
7d1a1c2
feat: improving coverage of liquidity check in repay liveness
QGarchery Nov 23, 2023
0abb423
Merge pull request #606 from morpho-org/certora/mutant-13
QGarchery Nov 23, 2023
bb6d9bb
revert: mutant 6
QGarchery Nov 23, 2023
4b5116a
Merge pull request #613 from morpho-org/certora/mutant-6
QGarchery Nov 23, 2023
4d1a18a
Merge remote-tracking branch 'origin/certora/gambit' into certora/mut…
QGarchery Nov 23, 2023
3e22f7c
feat: added liveness for liquidate
QGarchery Nov 23, 2023
641a6f1
test: mutant 12
QGarchery Nov 22, 2023
75025b0
feat: add setAuthorizationWithSig liveness and input validation
QGarchery Nov 23, 2023
033670c
fix: repaidShares input in liquidation
QGarchery Nov 23, 2023
d76c9f4
fix: revert condition setAuthorizationWithSig
QGarchery Nov 23, 2023
2aac61f
fix: liquidate liveness only in case loan and collateral are different
QGarchery Nov 23, 2023
35eb09a
Revert "test: mutant 10"
QGarchery Nov 23, 2023
f5c34bd
Revert "test: mutant 12"
QGarchery Nov 23, 2023
5753c9f
feat: can use shares properties
QGarchery Nov 23, 2023
2a0028f
Merge pull request #609 from morpho-org/certora/mutant-10
QGarchery Nov 24, 2023
166ea99
Merge remote-tracking branch 'origin/certora/gambit' into certora/mut…
QGarchery Nov 24, 2023
87d55a6
Revert "test: mutant 3"
QGarchery Nov 24, 2023
434df02
Merge pull request #616 from morpho-org/certora/mutant-3
QGarchery Nov 24, 2023
9f80ff1
Merge pull request #607 from morpho-org/certora/mutant-12
QGarchery Nov 24, 2023
dfc58ad
docs: update certora/README.md with mutations
QGarchery Nov 24, 2023
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
51 changes: 30 additions & 21 deletions certora/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ The Morpho Blue protocol allows users to take out collateralized loans on ERC20
For a given market, Morpho Blue relies on the fact that the tokens involved respect the ERC20 standard.
In particular, in case of a transfer, it is assumed that the balance of Morpho Blue increases or decreases (depending if its the recipient or the sender) of the amount transferred.

The file [Transfer.spec](./specs/Transfer.spec) defines a summary of the transfer functions.
The file [Transfer.spec](specs/Transfer.spec) defines a summary of the transfer functions.
This summary is taken as the reference implementation to check that the balance of the Morpho Blue contract changes as expected.

```solidity
Expand All @@ -31,9 +31,9 @@ where `balance` is the ERC20 balance of the Morpho Blue contract.

The verification is done for the most common implementations of the ERC20 standard, for which we distinguish three different implementations:

- [ERC20Standard](./dispatch/ERC20Standard.sol) which respects the standard and reverts in case of insufficient funds or in case of insufficient allowance.
- [ERC20NoRevert](./dispatch/ERC20NoRevert.sol) which respects the standard but does not revert (and returns false instead).
- [ERC20USDT](./dispatch/ERC20USDT.sol) which does not strictly respects the standard because it omits the return value of the `transfer` and `transferFrom` functions.
- [ERC20Standard](dispatch/ERC20Standard.sol) which respects the standard and reverts in case of insufficient funds or in case of insufficient allowance.
- [ERC20NoRevert](dispatch/ERC20NoRevert.sol) which respects the standard but does not revert (and returns false instead).
- [ERC20USDT](dispatch/ERC20USDT.sol) which does not strictly respects the standard because it omits the return value of the `transfer` and `transferFrom` functions.

Additionally, Morpho Blue always goes through a custom transfer library to handle ERC20 tokens, notably in all the above cases.
This library reverts when the transfer is not successful, and this is checked for the case of insufficient funds or insufficient allowance.
Expand Down Expand Up @@ -238,40 +238,49 @@ assert withdrawnAssets <= owedAssets;

# Folder and file structure

The [`certora/specs`](./specs) folder contains the following files:
The [`certora/specs`](specs) folder contains the following files:

- [`AccrueInterest.spec`](./specs/AccrueInterest.spec) checks that the main functions accrue interest at the start of the interaction.
- [`AccrueInterest.spec`](specs/AccrueInterest.spec) checks that the main functions accrue interest at the start of the interaction.
This is done by ensuring that accruing interest before calling the function does not change the outcome compared to just calling the function.
View functions do not necessarily respect this property (for example, `totalSupplyShares`), and are filtered out.
- [`ConsistentState.spec`](./specs/ConsistentState.spec) checks that the state (storage) of the Morpho contract is consistent.
- [`ConsistentState.spec`](specs/ConsistentState.spec) checks that the state (storage) of the Morpho contract is consistent.
This includes checking that the accounting of the total amount and shares is correct, that markets are independent from each other, that only enabled IRMs and LLTVs can be used, and that users cannot have their position made worse by an unauthorized account.
- [`ExactMath.spec`](./specs/ExactMath.spec) checks precise properties when taking into account exact multiplication and division.
- [`ExactMath.spec`](specs/ExactMath.spec) checks precise properties when taking into account exact multiplication and division.
Notably, this file specifies that using supply and withdraw in the same block cannot yield more funds than at the start.
- [`ExitLiquidity.spec`](./specs/ExitLiquidity.spec) checks that when exiting a position with withdraw, withdrawCollateral, or repay, the user cannot get more than what was owed.
- [`Health.spec`](./specs/Health.spec) checks properties about the health of the positions.
- [`ExitLiquidity.spec`](specs/ExitLiquidity.spec) checks that when exiting a position with withdraw, withdrawCollateral, or repay, the user cannot get more than what was owed.
- [`Health.spec`](specs/Health.spec) checks properties about the health of the positions.
Notably, functions cannot render an account unhealthy, and debt positions always have some collateral (thanks to the bad debt realization mechanism).
- [`LibSummary.spec`](./specs/LibSummary.spec) checks the summarization of the library functions that are used in other specification files.
- [`Liveness.spec`](./specs/Liveness.spec) checks that main functions change the owner of funds and the amount of shares as expected, and that it's always possible to exit a position.
- [`RatioMath.spec`](./specs/RatioMath.spec) checks that the ratio between shares and assets evolves predictably over time.
- [`Reentrancy.spec`](./specs/Reentrancy.spec) checks that the contract is immune to a particular class of reentrancy issues.
- [`Reverts.spec`](./specs/Reverts.spec) checks the condition for reverts and that inputs are correctly validated.
- [`Transfer.spec`](./specs/Transfer.spec) checks the summarization of the safe transfer library functions that are used in other specification files.
- [`LibSummary.spec`](specs/LibSummary.spec) checks the summarization of the library functions that are used in other specification files.
- [`Liveness.spec`](specs/Liveness.spec) checks that main functions change the owner of funds and the amount of shares as expected, and that it's always possible to exit a position.
- [`RatioMath.spec`](specs/RatioMath.spec) checks that the ratio between shares and assets evolves predictably over time.
- [`Reentrancy.spec`](specs/Reentrancy.spec) checks that the contract is immune to a particular class of reentrancy issues.
- [`Reverts.spec`](specs/Reverts.spec) checks the condition for reverts and that inputs are correctly validated.
- [`Transfer.spec`](specs/Transfer.spec) checks the summarization of the safe transfer library functions that are used in other specification files.

The [`certora/confs`](./confs) folder contains a configuration file for each corresponding specification file.
The [`certora/confs`](confs) folder contains a configuration file for each corresponding specification file.

The [`certora/harness`](./harness) folder contains contracts that enable the verification of Morpho Blue.
The [`certora/harness`](harness) folder contains contracts that enable the verification of Morpho Blue.
Notably, this allows handling the fact that library functions should be called from a contract to be verified independently, and it allows defining needed getters.

The [`certora/dispatch`](./dispatch) folder contains different contracts similar to the ones that are expected to be called from Morpho Blue.
The [`certora/dispatch`](dispatch) folder contains different contracts similar to the ones that are expected to be called from Morpho Blue.

# Getting started

Install `certoraRun` with `pip install certora-cli`.
To verify specification files, pass the corresponding configuration file in the [`certora/confs`](./confs) folder.
Install `certora-cli` package with `pip install certora-cli`.
To verify specification files, pass to `certoraRun` the corresponding configuration file in the [`certora/confs`](confs) folder.
It requires having set the `CERTORAKEY` environment variable to a valid Certora key.
You can also pass additional arguments, notably to verify a specific rule.
For example, at the root of the repository:

```
certoraRun certora/confs/ConsistentState.conf --rule borrowLessThanSupply
```

The `certora-cli` package also includes a `certoraMutate` binary.
The file [`gambit.conf`](gambit.conf) provides a default configuration of the mutations.
You can test to mutate the code and check it against a particular specification.
For example, at the root of the repository:

```
certoraMutate --prover_conf certora/confs/ConsistentState.conf --mutation_conf certora/gambit.conf
```
6 changes: 6 additions & 0 deletions certora/gambit.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
{
"filename" : "../src/Morpho.sol",
"sourceroot": "..",
"num_mutants": 15,
"solc_remappings": []
}
6 changes: 3 additions & 3 deletions certora/specs/AccrueInterest.spec
Original file line number Diff line number Diff line change
@@ -1,10 +1,12 @@
// SPDX-License-Identifier: GPL-2.0-or-later
methods {
function extSloads(bytes32[]) external returns bytes32[] => NONDET DELETE;

function maxFee() external returns uint256 envfree;

function MathLib.mulDivDown(uint256 a, uint256 b, uint256 c) internal returns uint256 => ghostMulDivDown(a,b,c);
function MathLib.mulDivUp(uint256 a, uint256 b, uint256 c) internal returns uint256 => ghostMulDivUp(a,b,c);
function MathLib.wTaylorCompounded(uint256 a, uint256 b) internal returns uint256 => ghostTaylorCompounded(a, b);

// We assume here that all external functions will not access storage, since we cannot show commutativity otherwise.
// We also need to assume that the price and borrow rate return always the same value (and do not depend on msg.origin), so we use ghost functions for them.
function _.borrowRate(MorphoHarness.MarketParams marketParams, MorphoHarness.Market market) external with (env e) => ghostBorrowRate(marketParams.irm, e.block.timestamp) expect uint256;
Expand All @@ -16,8 +18,6 @@ methods {
function _.onMorphoSupply(uint256, bytes) external => NONDET;
function _.onMorphoSupplyCollateral(uint256, bytes) external => NONDET;
function _.onMorphoFlashLoan(uint256, bytes) external => NONDET;

function maxFee() external returns uint256 envfree;
}

ghost ghostMulDivUp(uint256, uint256, uint256) returns uint256;
Expand Down
18 changes: 9 additions & 9 deletions certora/specs/ConsistentState.spec
Original file line number Diff line number Diff line change
@@ -1,25 +1,25 @@
// SPDX-License-Identifier: GPL-2.0-or-later
methods {
function extSloads(bytes32[]) external returns bytes32[] => NONDET DELETE;

function supplyShares(MorphoHarness.Id, address) external returns uint256 envfree;
function borrowShares(MorphoHarness.Id, address) external returns uint256 envfree;
function collateral(MorphoHarness.Id, address) external returns uint256 envfree;
function totalSupplyAssets(MorphoHarness.Id) external returns uint256 envfree;
function totalSupplyShares(MorphoHarness.Id) external returns uint256 envfree;
function totalBorrowAssets(MorphoHarness.Id) external returns uint256 envfree;
function totalBorrowShares(MorphoHarness.Id) external returns uint256 envfree;
function supplyShares(MorphoHarness.Id, address) external returns uint256 envfree;
function borrowShares(MorphoHarness.Id, address) external returns uint256 envfree;
function collateral(MorphoHarness.Id, address) external returns uint256 envfree;
function fee(MorphoHarness.Id) external returns uint256 envfree;
function lastUpdate(MorphoHarness.Id) external returns uint256 envfree;
function libId(MorphoHarness.MarketParams) external returns MorphoHarness.Id envfree;

function isAuthorized(address, address) external returns bool envfree;
function isLltvEnabled(uint256) external returns bool envfree;
function isIrmEnabled(address) external returns bool envfree;

function _.borrowRate(MorphoHarness.MarketParams, MorphoHarness.Market) external => HAVOC_ECF;
function isLltvEnabled(uint256) external returns bool envfree;
function isAuthorized(address, address) external returns bool envfree;

function maxFee() external returns uint256 envfree;
function wad() external returns uint256 envfree;
function libId(MorphoHarness.MarketParams) external returns MorphoHarness.Id envfree;

function _.borrowRate(MorphoHarness.MarketParams, MorphoHarness.Market) external => HAVOC_ECF;

function SafeTransferLib.safeTransfer(address token, address to, uint256 value) internal => summarySafeTransferFrom(token, currentContract, to, value);
function SafeTransferLib.safeTransferFrom(address token, address from, address to, uint256 value) internal => summarySafeTransferFrom(token, from, to, value);
Expand Down
7 changes: 4 additions & 3 deletions certora/specs/ExactMath.spec
Original file line number Diff line number Diff line change
@@ -1,21 +1,22 @@
// SPDX-License-Identifier: GPL-2.0-or-later
methods {
function extSloads(bytes32[]) external returns bytes32[] => NONDET DELETE;
function libId(MorphoHarness.MarketParams) external returns MorphoHarness.Id envfree;

function virtualTotalSupplyAssets(MorphoHarness.Id) external returns uint256 envfree;
function virtualTotalSupplyShares(MorphoHarness.Id) external returns uint256 envfree;
function virtualTotalBorrowAssets(MorphoHarness.Id) external returns uint256 envfree;
function virtualTotalBorrowShares(MorphoHarness.Id) external returns uint256 envfree;
function fee(MorphoHarness.Id) external returns uint256 envfree;
function lastUpdate(MorphoHarness.Id) external returns uint256 envfree;

function maxFee() external returns uint256 envfree;
function libId(MorphoHarness.MarketParams) external returns MorphoHarness.Id envfree;

function MathLib.mulDivDown(uint256 a, uint256 b, uint256 c) internal returns uint256 => summaryMulDivDown(a,b,c);
function MathLib.mulDivUp(uint256 a, uint256 b, uint256 c) internal returns uint256 => summaryMulDivUp(a,b,c);
function SafeTransferLib.safeTransfer(address token, address to, uint256 value) internal => NONDET;
function SafeTransferLib.safeTransferFrom(address token, address from, address to, uint256 value) internal => NONDET;
function _.onMorphoSupply(uint256 assets, bytes data) external => HAVOC_ECF;

function maxFee() external returns uint256 envfree;
}

function summaryMulDivUp(uint256 x, uint256 y, uint256 d) returns uint256 {
Expand Down
2 changes: 1 addition & 1 deletion certora/specs/ExitLiquidity.spec
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
// SPDX-License-Identifier: GPL-2.0-or-later
methods {
function extSloads(bytes32[]) external returns bytes32[] => NONDET DELETE;

function supplyShares(MorphoHarness.Id, address) external returns uint256 envfree;
function borrowShares(MorphoHarness.Id, address) external returns uint256 envfree;
function collateral(MorphoHarness.Id, address) external returns uint256 envfree;
function virtualTotalSupplyAssets(MorphoHarness.Id) external returns uint256 envfree;
function virtualTotalSupplyShares(MorphoHarness.Id) external returns uint256 envfree;
function virtualTotalBorrowAssets(MorphoHarness.Id) external returns uint256 envfree;
function virtualTotalBorrowShares(MorphoHarness.Id) external returns uint256 envfree;

function lastUpdate(MorphoHarness.Id) external returns uint256 envfree;

function libMulDivDown(uint256, uint256, uint256) external returns uint256 envfree;
Expand Down
6 changes: 4 additions & 2 deletions certora/specs/Health.spec
Original file line number Diff line number Diff line change
@@ -1,13 +1,15 @@
// SPDX-License-Identifier: GPL-2.0-or-later
methods {
function extSloads(bytes32[]) external returns bytes32[] => NONDET DELETE;
function lastUpdate(MorphoHarness.Id) external returns uint256 envfree;

function totalBorrowShares(MorphoHarness.Id) external returns uint256 envfree;
function lastUpdate(MorphoHarness.Id) external returns uint256 envfree;
function borrowShares(MorphoHarness.Id, address) external returns uint256 envfree;
function collateral(MorphoHarness.Id, address) external returns uint256 envfree;
function isHealthy(MorphoHarness.MarketParams, address user) external returns bool envfree;
function isAuthorized(address, address user) external returns bool envfree;

function libId(MorphoHarness.MarketParams) external returns MorphoHarness.Id envfree;
function isHealthy(MorphoHarness.MarketParams, address user) external returns bool envfree;

function _.price() external => mockPrice() expect uint256;
function MathLib.mulDivDown(uint256 a, uint256 b, uint256 c) internal returns uint256 => summaryMulDivDown(a,b,c);
Expand Down
1 change: 1 addition & 0 deletions certora/specs/LibSummary.spec
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
// SPDX-License-Identifier: GPL-2.0-or-later
methods {
function extSloads(bytes32[]) external returns bytes32[] => NONDET DELETE;

function libMulDivUp(uint256, uint256, uint256) external returns uint256 envfree;
function libMulDivDown(uint256, uint256, uint256) external returns uint256 envfree;
function libId(MorphoHarness.MarketParams) external returns MorphoHarness.Id envfree;
Expand Down
Loading