Closed sherlock-admin closed 1 year ago
reassor
informational
Formal verification of Stream contract with certora
N/A
Formal verification can significantly increase security of the protocol. Execution of all rules can done with certora:
bash certora/scripts/verifyStream.sh
Certora specification for Stream contract: https://github.com/sherlock-audit/2022-11-nounsdao/blob/main/certora/specs/Stream.spec#L1-L221
rule sanityCheck() { ... }
{ remainingBalance >= recipientBalance } op; { remainingBalance >= recipientBalance }
{ remainingBalance <= token.balanceOf(contract) } op; { remainingBalance <= token.balanceOf(contract) }
getRecipientBalance() => elapsed * tokenAmount() / duration;
{ recipientBalanceBefore = USDC.balanceOf(recipient()) contractBalanceBefore = USDC.balanceOf(currentContract) remainingBalanceBefore = remainingBalance } withdraw(amount) { recipientBalanceBefore == USDC.balanceOf(recipient() + amount) contractBalanceBefore USDC.balanceOf(currentContract) - amount remainingBalanceBefore = remainingBalance - amount}
{ timestamp > stopTime && remainingBalanceBefore = remainingBalance } withdraw(remainingBalance) { remainingBalance = 0 }
cancel() { remainingBalance == 0 && token.balanceOf(contract) == 0 }
{ remainingBalanceBefore = remainingBalance && balanceBefore = token.balanceOf(contract) } rescueERC20() { remainingBalanceBefore == remainingBalance && balanceBefore == token.balanceOf(contract) }
ratePerSecond() { !REVERTS }
balanceOf() { !REVERTS }
cancel(e) { withdraw(e) => REVERTED }
Certora
It is recommended to use formal verification of the protocol.
reassor
informational
Stream contract formal verification with certora
Summary
Formal verification of Stream contract with certora
Vulnerability Detail
N/A
Impact
Formal verification can significantly increase security of the protocol. Execution of all rules can done with certora:
Code Snippet
Certora specification for Stream contract: https://github.com/sherlock-audit/2022-11-nounsdao/blob/main/certora/specs/Stream.spec#L1-L221
1.SanityCheck ✓
2. Recipient balance should never exceed remaining balance ✓
3. Solvency - Token balance should be bigger or equal to remainingBalance ✓
4. Recipient balance is correctly vested over time ✓
5. Integrity of withdraw ✓
6. Withdraw all remainingBalance when stopTime passed ✓
7. Integrity of cancel ✓
8. Integrity of rescueERC20 ✓
9. Integrity of ratePerSecond ✓
10. Integrity of balanceOf ✓
11. Withdraw should revert after cancel was called ✓
Tool used
Certora
Recommendation
It is recommended to use formal verification of the protocol.