Skip to content

Formal verification of Account (7702+7579) #5785

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 23 commits into from
Closed

Formal verification of Account (7702+7579) #5785

wants to merge 23 commits into from

Conversation

Amxx
Copy link
Collaborator

@Amxx Amxx commented Jul 6, 2025

No description provided.

@Amxx Amxx requested a review from a team as a code owner July 6, 2025 16:44
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Jul 6, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: 7a99c91

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@Amxx
Copy link
Collaborator Author

Amxx commented Jul 22, 2025

These specs pass ! https://prover.certora.com/output/71959/de382212ccb3440e92693f187ca74e93?anonymousKey=5f06da9b8474ce1aaa13d57841d641d64db70476

@ernestognw WDYT ?
@arr00 @james-toussaint @gonzaotc, you should try to have a look. Its ok if you don't understand. Ask questions !

@Amxx Amxx added this to the 5.5 milestone Jul 30, 2025
james-toussaint
james-toussaint reviewed Aug 18, 2025
View reviewed changes
certora/specs/Account.spec
Comment on lines +286 to +295
rule callInstallModule(env e, uint256 moduleTypeId, address module, bytes initData) {
require calls == 0;

installModule(e, moduleTypeId, module, initData);

assert calls == 1;
assert lastcall_target == module;
assert lastcall_selector == 0x6d61fe70; // onInstall(bytes)
assert lastcall_value == 0;
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't already verified here?

openzeppelin-contracts/certora/specs/Account.spec

Lines 245 to 250 in a6ecba8

// Can only call a module without any value. Target is verified by `callInstallModule`.
f.selector == sig:installModule(uint256,address,bytes).selector &&
isEntryPointOrSelf &&
calls == 1 &&
lastcall_selector == 0x6d61fe70 && // onInstall(bytes)
lastcall_value == 0

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That part is not verifying the target (we cannot extract it from the args).

This rule's point is mostly to check the target of the call is the module. All other checks (calls == 1, selector, value) are duplicated. Would you remove them ?

@Amxx Amxx closed this Aug 21, 2025
@Amxx Amxx deleted the FV/account branch August 21, 2025 15:01
@Amxx Amxx mentioned this pull request Aug 21, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@james-toussaint james-toussaint james-toussaint left review comments

Assignees
No one assigned
Labels
Account Abstraction formal-verification Enable FV run in a PR. ignore-changeset
Projects
None yet
Milestone
5.5
Development

Successfully merging this pull request may close these issues.
3 participants
@Amxx @james-toussaint @ernestognw