Formal Verification: Rules for is/add/remove/swapOwner

jhoenicke commented 1 year ago

This fixes some problems with the previous invariants. The main part is adding new rules that verify that isOwner, addOwnerWithThreshold, removeOwner and swapOwner behave as intended.

In particular it checks that

getThreshold() is always between 1 and ownerCount.
isOwner returns false for SENTINEL and current contract.
isOwner's result agrees with ghostOwners.
addOwner adds an owner and doesn't change other owners.
removeOwner removes an owner and doesn't change other owners.
swapOwner removes old owner, adds new owner, and doesn't change other owners.

coveralls commented 1 year ago

Pull Request Test Coverage Report for Build 5713237242

0 of 0 changed or added relevant lines in 0 files are covered.
No unchanged relevant lines lost coverage.
Overall coverage remained the same at 95.382%

Totals
Change from base Build 5599800372:	0.0%
Covered Lines:	318
Relevant Lines:	330

💛 - Coveralls

mmv08 commented 1 year ago

Thank you!

safe-global / safe-smart-account

Formal Verification: Rules for is/add/remove/swapOwner #629

Pull Request Test Coverage Report for Build 5713237242

💛 - Coveralls