
AccessControl verification

Aleksander Kryukov 3 years ago
parent
commit
ec4e77397f
2 changed files with 94 additions and 0 deletions
  1. 9 0
      certora/scripts/verifyAccessControl.sh
  2. 85 0
      certora/specs/AccessControl.spec

+ 9 - 0
certora/scripts/verifyAccessControl.sh

@@ -0,0 +1,9 @@
+certoraRun \
+    certora/harnesses/AccessControlHarness.sol \
+    --verify AccessControlHarness:certora/specs/AccessControl.spec \
+    --solc solc8.2 \
+    --optimistic_loop \
+    --staging \
+    --rule_sanity \
+    --msg "modifier check"
+    
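Review bot: The script has no shebang, so the invocation in the first line only works when run via an explicit shell, and two flags in the run weaken what "verified" means: `--staging` (as I understand it) targets a non-release prover build, and `--optimistic_loop` assumes every loop finishes within the unroll bound, so a violation that needs more iterations is never reported. The only loops in this harness are presumably the batch paths of safeBatchTransferFrom declared in the spec, but that is inferred; if the intent is to ship the result, drop `--staging` and either drop `--optimistic_loop` or add `--loop_iter` with a bound justified in a comment. A one-line header would make the contract explicit: `#!/usr/bin/env bash` followed by `# Runs the AccessControl spec against the harness; requires solc8.2 on PATH.` The trailing whitespace-only line after `--msg` should also go.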

+ 85 - 0
certora/specs/AccessControl.spec

@@ -0,0 +1,85 @@
+methods {
+    grantRole(bytes32, address)
+    revokeRole(bytes32, address)
+    _checkRole(bytes32)
+    safeTransferFrom(address, address, uint256, uint256, bytes)
+    safeBatchTransferFrom(address, address, uint256[], uint256[], bytes)
+
+    getRoleAdmin(bytes32) returns(bytes32) envfree
+    hasRole(bytes32, address) returns(bool) envfree
+} 
+
+
+// STATUS - verified
+// check onlyRole modifier for grantRole()
+rule onlyRoleModifierCheckGrant(env e){
+    bytes32 role; address account;
+
+    _checkRole@withrevert(e, getRoleAdmin(role));
+    bool checkRevert = lastReverted;
+
+    grantRole@withrevert(e, role, account);
+    bool grantRevert = lastReverted;
+
+    assert checkRevert => grantRevert, "modifier goes bananas";
+}
+
+
+// STATUS - verified
+// check onlyRole modifier for revokeRole()
+rule onlyRoleModifierCheckRevoke(env e){
+    bytes32 role; address account;
+
+    _checkRole@withrevert(e, getRoleAdmin(role));
+    bool checkRevert = lastReverted;
+
+    revokeRole@withrevert(e, role, account);
+    bool revokeRevert = lastReverted;
+
+    assert checkRevert => revokeRevert, "modifier goes bananas";
+}
+
+
+// STATUS - verified
+// grantRole() does not affect another accounts 
+rule grantRoleEffect(env e){
+    bytes32 role; address account; 
+    bytes32 anotherRole; address nonEffectedAcc;
+    require account != nonEffectedAcc;
+
+    bool hasRoleBefore = hasRole(anotherRole, nonEffectedAcc);
+
+    grantRole(e, role, account);
+
+    bool hasRoleAfter = hasRole(anotherRole, nonEffectedAcc);
+
+    assert hasRoleBefore == hasRoleAfter, "modifier goes bananas";
+}
+
+
+// STATUS - verified
+// grantRole() does not affect another accounts 
+rule revokeRoleEffect(env e){
+    bytes32 role; address account; 
+    bytes32 anotherRole; address nonEffectedAcc;
+    require account != nonEffectedAcc;
+
+    bool hasRoleBefore = hasRole(anotherRole, nonEffectedAcc);
+
+    revokeRole(e, role, account);
+
+    bool hasRoleAfter = hasRole(anotherRole, nonEffectedAcc);
+
+    assert hasRoleBefore == hasRoleAfter, "modifier goes bananas";
+}
+
+
+
+
+
+
+
+
+
+
+
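Review bot: The header comment above revokeRoleEffect is a copy of the one above grantRoleEffect and describes the wrong function; it should read `// revokeRole() does not affect other accounts` (and the grantRole one `// grantRole() does not affect other accounts`). The assertion message "modifier goes bananas" is reused in all four rules, but the last two are frame rules, not modifier checks, so a failing run would point a reader at the wrong property; something like `"grantRole changed an unrelated account's role"` and `"revokeRole changed an unrelated account's role"` would name the violated property. It is also worth saying in a comment what the first two rules prove: only the implication `checkRevert => grantRevert`, i.e. whenever the caller fails the admin-role check the call reverts, with no claim about the converse, which is the right shape for a modifier check but reads stronger than it is. The safeTransferFrom and safeBatchTransferFrom declarations in the methods block are not referenced by any rule here and look like leftovers from another spec; if they are needed by the harness, a comment saying so would stop the next reader from deleting them. The dozen trailing blank lines at the end of the file can be dropped.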