Add Certora specs (#3)

Author: sunbreak1211

.github/workflows/certora.yml

@@ -0,0 +1,41 @@
+name: Certora
+
+on: [push, pull_request]
+
+jobs:
+  certora:
+    name: Certora
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - uses: actions/setup-java@v2
+        with:
+          distribution: 'zulu'
+          java-version: '11'
+          java-package: jre
+
+      - name: Set up Python 3.13
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.13'
+
+      - name: Install solc-select
+        run: pip3 install solc-select
+
+      - name: Solc Select 0.8.24
+        run: solc-select install 0.8.24
+
+      - name: Install Certora
+        run: pip3 install certora-cli-beta
+
+      - name: Verify nfat
+        run: make certora-nfat results=1
+        env:
+          CERTORAKEY: ${{ secrets.CERTORAKEY }}

.gitignore

@@ -12,3 +12,6 @@ docs/
 
 # Dotenv file
 .env
+
+# Certora
+.certora_internal

Makefile

@@ -0,0 +1,2 @@
+PATH := ~/.solc-select/artifacts/:~/.solc-select/artifacts/solc-0.8.24:$(PATH)
+certora-nfat :; PATH=${PATH} certoraRun certora/NFATFacility.conf$(if $(rule), --rule $(rule),)$(if $(results), --wait_for_results all,)

certora/NFATFacility.conf

@@ -0,0 +1,19 @@
+{
+    "files": [
+        "src/NFATFacility.sol",
+        "certora/harness/GemMock.sol",
+        "certora/harness/IdentityNetworkMock.sol"
+    ],
+    "verify": "NFATFacility:certora/NFATFacility.spec",
+    "link": ["NFATFacility:gem=GemMock"],
+    "solc": "solc-0.8.24",
+    "solc_evm_version": "cancun",
+    "packages": ["openzeppelin-contracts=lib/openzeppelin-contracts"],
+    "optimistic_loop": true,
+    "loop_iter": 3,
+    "rule_sanity": "basic",
+    "multi_assert_check": true,
+    "optimistic_hashing": true,
+    "parametric_contracts": ["NFATFacility"],
+    "msg": "NFATFacility"
+}