| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172 |
- import "helpers.spec"
- import "methods/IGovernor.spec"
- import "Governor.helpers.spec"
- /*
- โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
- โ Invariant: clock is consistent between the goernor and the token โ
- โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
- */
- rule clockMode(env e) {
- assert clock(e) == e.block.number || clock(e) == e.block.timestamp;
- assert clock(e) == token_clock(e);
- }
- /*
- โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
- โ Invariant: Proposal is UNSET iff the proposer, the snapshot and the deadline are unset. โ
- โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
- */
- invariant createdConsistency(env e, uint256 pId)
- safeState(e, pId) == UNSET() <=> proposalProposer(pId) == 0 &&
- safeState(e, pId) == UNSET() <=> proposalSnapshot(pId) == 0 &&
- safeState(e, pId) == UNSET() <=> proposalDeadline(pId) == 0 &&
- safeState(e, pId) == UNSET() => !isExecuted(pId) &&
- safeState(e, pId) == UNSET() => !isCanceled(pId)
- {
- preserved {
- require clock(e) > 0;
- }
- }
- /*
- โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
- โ Invariant: Votes start before it ends โ
- โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
- */
- invariant voteStartBeforeVoteEnd(uint256 pId)
- proposalSnapshot(pId) <= proposalDeadline(pId)
- {
- preserved with (env e) {
- requireInvariant createdConsistency(e, pId);
- }
- }
- /*
- โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
- โ Invariant: A proposal cannot be both executed and canceled simultaneously โ
- โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
- */
- invariant noBothExecutedAndCanceled(uint256 pId)
- !isExecuted(pId) || !isCanceled(pId)
- /*
- โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
- โ Rule: Once a proposal is created, voteStart, voteEnd and proposer are immutable โ
- โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
- */
- rule immutableFieldsAfterProposalCreation(uint256 pId, env e, method f, calldataarg arg)
- filtered { f -> !skip(f) }
- {
- require state(e, pId) != UNSET();
- uint256 voteStart = proposalSnapshot(pId);
- uint256 voteEnd = proposalDeadline(pId);
- address proposer = proposalProposer(pId);
- f(e, arg);
- assert voteStart == proposalSnapshot(pId), "Start date was changed";
- assert voteEnd == proposalDeadline(pId), "End date was changed";
- assert proposer == proposalProposer(pId), "Proposer was changed";
- }
|