|
|
@@ -272,10 +272,31 @@ rule noExecuteOrCancelBeforeDeadline(uint256 pId, method f){
|
|
|
///////////////////////////// Not Categorized Yet //////////////////////////////
|
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
|
+/*
|
|
|
+ * Shows that executed can only change due to execute()
|
|
|
+ */
|
|
|
+rule executedOnlyAfterExecuteFunc(address[] targets, uint256[] values, bytes[] calldatas, bytes32 descriptionHash, method f) {
|
|
|
+ env e; calldataarg args;
|
|
|
+ uint256 pId;
|
|
|
+ bool executedBefore = isExecuted(pId);
|
|
|
+ require(!executedBefore);
|
|
|
+
|
|
|
+ helperFunctionsWithRevert(pId, f, e);
|
|
|
+ require(!lastReverted);
|
|
|
+
|
|
|
+ bool executedAfter = isExecuted(pId);
|
|
|
+ assert(executedAfter != executedBefore, "executed property did not change");
|
|
|
+}
|
|
|
+
|
|
|
+
|
|
|
|
|
|
/*
|
|
|
- * All non-view functions should revert if proposal is executed
|
|
|
+ * All proposal specific (non-view) functions should revert if proposal is executed
|
|
|
*/
|
|
|
+ // In this rule we show that if a function is executed, i.e. execute() was called on the proposal ID,
|
|
|
+ // non of the proposal specific functions can make changes again. In executedOnlyAfterExecuteFunc
|
|
|
+ // we connected the executed attribute to the execute() function, showing that only execute() can
|
|
|
+ // change it, and that it will always change it.
|
|
|
rule allFunctionsRevertIfExecuted(method f) filtered { f -> !f.isView && f.selector != updateQuorumNumerator(uint256).selector &&
|
|
|
!f.isFallback && f.selector != updateTimelock(address).selector} {
|
|
|
env e; calldataarg args;
|
|
|
@@ -290,7 +311,7 @@ rule allFunctionsRevertIfExecuted(method f) filtered { f -> !f.isView && f.selec
|
|
|
}
|
|
|
|
|
|
/*
|
|
|
- * All non-view functions should revert if proposal is canceled
|
|
|
+ * All proposal specific (non-view) functions should revert if proposal is canceled
|
|
|
*/
|
|
|
rule allFunctionsRevertIfCanceled(method f) filtered { f -> !f.isView && f.selector != updateQuorumNumerator(uint256).selector &&
|
|
|
!f.isFallback && f.selector != updateTimelock(address).selector} {
|
|
|
@@ -303,20 +324,4 @@ rule allFunctionsRevertIfCanceled(method f) filtered { f -> !f.isView && f.selec
|
|
|
helperFunctionsWithRevert(pId, f, e);
|
|
|
|
|
|
assert(lastReverted, "Function was not reverted");
|
|
|
-}
|
|
|
-
|
|
|
-/*
|
|
|
- * Shows that executed can only change due to execute()
|
|
|
- */
|
|
|
-rule executedOnlyAfterExecuteFunc(address[] targets, uint256[] values, bytes[] calldatas, bytes32 descriptionHash, method f) {
|
|
|
- env e; calldataarg args;
|
|
|
- uint256 pId;
|
|
|
- bool executedBefore = isExecuted(pId);
|
|
|
- require(!executedBefore);
|
|
|
-
|
|
|
- helperFunctionsWithRevert(pId, f, e);
|
|
|
- require(!lastReverted);
|
|
|
-
|
|
|
- bool executedAfter = isExecuted(pId);
|
|
|
- assert(executedAfter != executedBefore, "executed property did not change");
|
|
|
-}
|
|
|
+}
|
Michael M