certora/README.md: 30 additions & 21 deletions
@@ -13,7 +13,7 @@ The Morpho Blue protocol allows users to take out collateralized loans on ERC20
13
13
For a given market, Morpho Blue relies on the fact that the tokens involved respect the ERC20 standard.
14
14
In particular, in case of a transfer, it is assumed that the balance of Morpho Blue increases or decreases (depending if its the recipient or the sender) of the amount transferred.
15
15
16
-
The file [Transfer.spec](./specs/Transfer.spec) defines a summary of the transfer functions.
16
+
The file [Transfer.spec](specs/Transfer.spec) defines a summary of the transfer functions.
17
17
This summary is taken as the reference implementation to check that the balance of the Morpho Blue contract changes as expected.
18
18
19
19
```solidity
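Review bot: the unchanged context line "In particular, in case of a transfer, it is assumed that the balance of Morpho Blue increases or decreases (depending if its the recipient or the sender) of the amount transferred." has two slips worth fixing while this paragraph is being touched: "its" should be "it is", and "of the amount transferred" should read "by the amount transferred". Since this sentence states the assumption that the Transfer.spec summary relies on, it would also help readers to say explicitly that tokens whose transfers move a different amount than requested do not satisfy this assumption and are therefore outside what this verification covers.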
@@ -31,9 +31,9 @@ where `balance` is the ERC20 balance of the Morpho Blue contract.
31
31
32
32
The verification is done for the most common implementations of the ERC20 standard, for which we distinguish three different implementations:
33
33
34
-
-[ERC20Standard](./dispatch/ERC20Standard.sol) which respects the standard and reverts in case of insufficient funds or in case of insufficient allowance.
35
-
-[ERC20NoRevert](./dispatch/ERC20NoRevert.sol) which respects the standard but does not revert (and returns false instead).
36
-
-[ERC20USDT](./dispatch/ERC20USDT.sol) which does not strictly respects the standard because it omits the return value of the `transfer` and `transferFrom` functions.
34
+
-[ERC20Standard](dispatch/ERC20Standard.sol) which respects the standard and reverts in case of insufficient funds or in case of insufficient allowance.
35
+
-[ERC20NoRevert](dispatch/ERC20NoRevert.sol) which respects the standard but does not revert (and returns false instead).
36
+
-[ERC20USDT](dispatch/ERC20USDT.sol) which does not strictly respects the standard because it omits the return value of the `transfer` and `transferFrom` functions.
37
37
38
38
Additionally, Morpho Blue always goes through a custom transfer library to handle ERC20 tokens, notably in all the above cases.
39
39
This library reverts when the transfer is not successful, and this is checked for the case of insufficient funds or insufficient allowance.
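Review bot: the rewritten "+" line for ERC20USDT keeps the grammatical error "which does not strictly respects the standard"; since the line is being replaced anyway, change "respects" to "respect". In the context line "Additionally, Morpho Blue always goes through a custom transfer library to handle ERC20 tokens, notably in all the above cases.", "notably in all the above cases" reads oddly ("notably" singles something out, "all" does not); "including all of the above cases" would be clearer. Dropping the "./" prefix from the three dispatch links is consistent with the other hunks.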
The [`certora/specs`](./specs) folder contains the following files:
241
+
The [`certora/specs`](specs) folder contains the following files:
242
242
243
-
-[`AccrueInterest.spec`](./specs/AccrueInterest.spec) checks that the main functions accrue interest at the start of the interaction.
243
+
-[`AccrueInterest.spec`](specs/AccrueInterest.spec) checks that the main functions accrue interest at the start of the interaction.
244
244
This is done by ensuring that accruing interest before calling the function does not change the outcome compared to just calling the function.
245
245
View functions do not necessarily respect this property (for example, `totalSupplyShares`), and are filtered out.
246
-
-[`ConsistentState.spec`](./specs/ConsistentState.spec) checks that the state (storage) of the Morpho contract is consistent.
246
+
-[`ConsistentState.spec`](specs/ConsistentState.spec) checks that the state (storage) of the Morpho contract is consistent.
247
247
This includes checking that the accounting of the total amount and shares is correct, that markets are independent from each other, that only enabled IRMs and LLTVs can be used, and that users cannot have their position made worse by an unauthorized account.
248
-
-[`ExactMath.spec`](./specs/ExactMath.spec) checks precise properties when taking into account exact multiplication and division.
248
+
-[`ExactMath.spec`](specs/ExactMath.spec) checks precise properties when taking into account exact multiplication and division.
249
249
Notably, this file specifies that using supply and withdraw in the same block cannot yield more funds than at the start.
250
-
-[`ExitLiquidity.spec`](./specs/ExitLiquidity.spec) checks that when exiting a position with withdraw, withdrawCollateral, or repay, the user cannot get more than what was owed.
251
-
-[`Health.spec`](./specs/Health.spec) checks properties about the health of the positions.
250
+
-[`ExitLiquidity.spec`](specs/ExitLiquidity.spec) checks that when exiting a position with withdraw, withdrawCollateral, or repay, the user cannot get more than what was owed.
251
+
-[`Health.spec`](specs/Health.spec) checks properties about the health of the positions.
252
252
Notably, functions cannot render an account unhealthy, and debt positions always have some collateral (thanks to the bad debt realization mechanism).
253
-
-[`LibSummary.spec`](./specs/LibSummary.spec) checks the summarization of the library functions that are used in other specification files.
254
-
-[`Liveness.spec`](./specs/Liveness.spec) checks that main functions change the owner of funds and the amount of shares as expected, and that it's always possible to exit a position.
255
-
-[`RatioMath.spec`](./specs/RatioMath.spec) checks that the ratio between shares and assets evolves predictably over time.
256
-
-[`Reentrancy.spec`](./specs/Reentrancy.spec) checks that the contract is immune to a particular class of reentrancy issues.
257
-
-[`Reverts.spec`](./specs/Reverts.spec) checks the condition for reverts and that inputs are correctly validated.
258
-
-[`Transfer.spec`](./specs/Transfer.spec) checks the summarization of the safe transfer library functions that are used in other specification files.
253
+
-[`LibSummary.spec`](specs/LibSummary.spec) checks the summarization of the library functions that are used in other specification files.
254
+
-[`Liveness.spec`](specs/Liveness.spec) checks that main functions change the owner of funds and the amount of shares as expected, and that it's always possible to exit a position.
255
+
-[`RatioMath.spec`](specs/RatioMath.spec) checks that the ratio between shares and assets evolves predictably over time.
256
+
-[`Reentrancy.spec`](specs/Reentrancy.spec) checks that the contract is immune to a particular class of reentrancy issues.
257
+
-[`Reverts.spec`](specs/Reverts.spec) checks the condition for reverts and that inputs are correctly validated.
258
+
-[`Transfer.spec`](specs/Transfer.spec) checks the summarization of the safe transfer library functions that are used in other specification files.
259
259
260
-
The [`certora/confs`](./confs) folder contains a configuration file for each corresponding specification file.
260
+
The [`certora/confs`](confs) folder contains a configuration file for each corresponding specification file.
261
261
262
-
The [`certora/harness`](./harness) folder contains contracts that enable the verification of Morpho Blue.
262
+
The [`certora/harness`](harness) folder contains contracts that enable the verification of Morpho Blue.
263
263
Notably, this allows handling the fact that library functions should be called from a contract to be verified independently, and it allows defining needed getters.
264
264
265
-
The [`certora/dispatch`](./dispatch) folder contains different contracts similar to the ones that are expected to be called from Morpho Blue.
265
+
The [`certora/dispatch`](dispatch) folder contains different contracts similar to the ones that are expected to be called from Morpho Blue.
266
266
267
267
# Getting started
268
268
269
-
Install `certoraRun` with `pip install certora-cli`.
270
-
To verify specification files, pass the corresponding configuration file in the [`certora/confs`](./confs) folder.
269
+
Install `certora-cli` package with `pip install certora-cli`.
270
+
To verify specification files, pass to `certoraRun`the corresponding configuration file in the [`certora/confs`](confs) folder.
271
271
It requires having set the `CERTORAKEY` environment variable to a valid Certora key.
272
272
You can also pass additional arguments, notably to verify a specific rule.
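Review bot: the "+" line "To verify specification files, pass to `certoraRun`the corresponding configuration file in the [`certora/confs`](confs) folder." is missing a space after the closing backtick of `certoraRun`, so it will render as one run-together word; it should read "pass to `certoraRun` the corresponding configuration file". On the preceding "+" line, "Install `certora-cli` package" should be "Install the `certora-cli` package". In the unchanged context, "The [`certora/dispatch`](dispatch) folder contains different contracts similar to the ones that are expected to be called from Morpho Blue." would read better as "contains several contracts similar to the ones that Morpho Blue is expected to call", and "the condition for reverts" in the Reverts.spec entry should be "the conditions for reverts" since more than one revert condition is checked.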