GitBross Home Explore Help
Register Sign In
sol_Bo8des9o
/
openzeppelin-contracts
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: a0b58c3071
Branches Tags
openzeppelin-co...
/
certora
Aleksander Kryukov a0b58c3071 flashMint finished 3 years ago
..
harnesses 92f07bae1b typechecker error and skipped require bug 3 years ago
helpers 62d60a5890 Timelock, erc20Wrapper and erc20FlashMint verification 3 years ago
munged 53b6ed80bb ERC1155 verification (not finished) 3 years ago
scripts b2b72e7783 Merge branch 'certora/erc20' of github.com:Certora/openzeppelin-contracts into remotes/origin/certora/erc20 3 years ago
specs a0b58c3071 flashMint finished 3 years ago
Makefile f3087407c6 created applyHarness 3 years ago
README.md 22de642692 simplified README somewhat, included additional information about munging 3 years ago
applyHarness.patch 3f1ee39910 call trace error 3 years ago

README.md

Running the certora verification tool

These instructions detail the process for running CVT on the OpenZeppelin (Wizard/Governor) contracts.

Documentation for CVT and the specification language are available here

Running the verification

The scripts in the certora/scripts directory are used to submit verification jobs to the Certora verification service. After the job is complete, the results will be available on the Certora portal.

These scripts should be run from the root directory; for example by running

sh certora/scripts/verifyAll.sh <meaningful comment>

The most important of these is verifyAll.sh, which checks all of the harnessed contracts (certora/harness/Wizard*.sol) against all of the specifications (certora/spec/*.spec).

The other scripts run a subset of the specifications or the contracts. You can verify different contracts or specifications by changing the --verify option, and you can run a single rule or method with the --rule or --method option.

For example, to verify the WizardFirstPriority contract against the GovernorCountingSimple specification, you could change the --verify line of the WizardControlFirstPriortity.sh script to:

--verify WizardFirstPriority:certora/specs/GovernorCountingSimple.spec \

Adapting to changes in the contracts

Some of our rules require the code to be simplified in various ways. Our primary tool for performing these simplifications is to run verification on a contract that extends the original contracts and overrides some of the methods. These "harness" contracts can be found in the certora/harness directory.

This pattern does require some modifications to the original code: some methods need to be made virtual or public, for example. These changes are handled by applying a patch to the code before verification.

When one of the verify scripts is executed, it first applies the patch file certora/applyHarness.patch to the contracts directory, placing the output in the certora/munged directory. We then verify the contracts in the certora/munged directory.

If the original contracts change, it is possible to create a conflict with the patch. In this case, the verify scripts will report an error message and output rejected changes in the munged directory. After merging the changes, run make record in the certora directory; this will regenerate the patch file, which can then be checked into git.