-
Notifications
You must be signed in to change notification settings - Fork 12.1k
Formal verification of Account (7702+7579) #5785
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
Amxx
wants to merge
17
commits into
OpenZeppelin:master
Choose a base branch
from
Amxx:FV/account
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from all commits
Commits
Show all changes
17 commits
Select commit
Hold shift + click to select a range
6273cb9
Formal verification of Account (7702+7579)
Amxx ec0e4e8
fix script
Amxx 9b38876
check value passed
Amxx 3c0c43d
up
Amxx 139373f
up
Amxx 3a7078b
up
Amxx cd8d1e8
finally a solution for the fallback issue (needs patch)
Amxx 6f2e783
minimize change
Amxx ea59b14
add rule
Amxx 7292782
specifications for module install / uninstall
Amxx 896e1a3
use invariants to certify storage consistency
Amxx 8a52823
use persistent ghost
Amxx 5f95425
check selectors
Amxx eee46c1
Update
Amxx f4d6bbb
Check possibility of multiple call/delegatecall
Amxx aacd75c
Merge branch 'master' into FV/account
Amxx 8347f1e
Update solc version
ernestognw File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
25 changes: 25 additions & 0 deletions
25
certora/diff/account_extensions_draft-AccountERC7579.sol.patch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| --- account/extensions/draft-AccountERC7579.sol 2025-07-22 11:18:42.944504471 +0200 | ||
| +++ account/extensions/draft-AccountERC7579.sol 2025-07-22 13:57:03.670277084 +0200 | ||
| @@ -60,8 +60,8 @@ | ||
| using EnumerableSet for *; | ||
| using Packing for bytes32; | ||
|
|
||
| - EnumerableSet.AddressSet private _validators; | ||
| - EnumerableSet.AddressSet private _executors; | ||
| + EnumerableSet.AddressSet internal _validators; // private → internal for FV | ||
| + EnumerableSet.AddressSet internal _executors; // private → internal for FV | ||
| mapping(bytes4 selector => address) private _fallbacks; | ||
|
|
||
| /// @dev The account's {fallback} was called with a selector that doesn't have an installed handler. | ||
| @@ -308,8 +308,9 @@ | ||
| * the ERC-2771 format. | ||
| */ | ||
| function _fallback() internal virtual returns (bytes memory) { | ||
| - address handler = _fallbackHandler(msg.sig); | ||
| - require(handler != address(0), ERC7579MissingFallbackHandler(msg.sig)); | ||
| + bytes4 selector = bytes4(msg.data[0:4]); | ||
| + address handler = _fallbackHandler(selector); | ||
| + require(handler != address(0), ERC7579MissingFallbackHandler(selector)); | ||
|
|
||
| // From https://eips.ethereum.org/EIPS/eip-7579#fallback[ERC-7579 specifications]: | ||
| // - MUST utilize ERC-2771 to add the original msg.sender to the calldata sent to the fallback handler | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| // SPDX-License-Identifier: MIT | ||
| pragma solidity ^0.8.26; | ||
|
|
||
| import {AccountERC7702WithModulesMock} from "../patched/mocks/account/AccountMock.sol"; | ||
| import {EIP712} from "../patched/utils/cryptography/EIP712.sol"; | ||
| import {EnumerableSet} from "../patched/utils/structs/EnumerableSet.sol"; | ||
|
|
||
| contract AccountHarness is AccountERC7702WithModulesMock { | ||
| using EnumerableSet for EnumerableSet.AddressSet; | ||
|
|
||
| constructor(string memory name, string memory version) EIP712(name, version) {} | ||
|
|
||
| function getFallbackHandler(bytes4 selector) external view returns (address) { | ||
| return _fallbackHandler(selector); | ||
| } | ||
|
|
||
| function getDataSelector(bytes memory data) external pure returns (bytes4) { | ||
| return bytes4(data); | ||
| } | ||
|
|
||
| function _validatorContains(address module) external view returns (bool) { | ||
| return _validators.contains(module); | ||
| } | ||
|
|
||
| function _validatorLength() external view returns (uint256) { | ||
| return _validators.length(); | ||
| } | ||
|
|
||
| function _validatorAt(uint256 index) external view returns (address) { | ||
| return _validators.at(index); | ||
| } | ||
|
|
||
| function _validatorPositionOf(address module) external view returns (uint256) { | ||
| return _validators._inner._positions[bytes32(uint256(uint160(module)))]; | ||
| } | ||
|
|
||
| function _executorContains(address module) external view returns (bool) { | ||
| return _executors.contains(module); | ||
| } | ||
|
|
||
| function _executorLength() external view returns (uint256) { | ||
| return _executors.length(); | ||
| } | ||
|
|
||
| function _executorAt(uint256 index) external view returns (address) { | ||
| return _executors.at(index); | ||
| } | ||
|
|
||
| function _executorPositionOf(address module) external view returns (uint256) { | ||
| return _executors._inner._positions[bytes32(uint256(uint160(module)))]; | ||
| } | ||
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.