openzeppelin-contracts icon indicating copy to clipboard operation
openzeppelin-contracts copied to clipboard

Published 20 hours ago verified publisher icon OpenZeppelin

Adds certora spec for Ownable2Step

Open spalladino opened this issue 3 years ago • 2 comments

Adds a certora spec for formally verifying Ownable2Step. Includes the rules:

  • transferOwnershipSetsPendingOwner
  • onlyCurrentOwnerCanCallOnlyOwner: verifies that transfer, renounce, and user functions decorated with onlyOwner can indeed only be called by the current owner
  • onlyPendingOwnerCanAccept
  • renounceDoesNotRequireTwoSteps

spalladino avatar Nov 13 '22 15:11 spalladino

What about a rule like

    oldOwner = owner();
    oldPendingOwner = pendingOwner();
    
    env e;
    method f;
    calldataarg args;
    f(e, args);
    
    assert (
        owner() != oldOwner ||
        pendingOwner() != oldPendingOwner
    ) => (
        msg.sender == oldOwner || 
        msg.sender == oldPendingOwner
    );
    
    assert owner() != oldOwner => pendingOwner() == address(0);

Amxx avatar Nov 16 '22 13:11 Amxx

@Amxx added!

spalladino avatar Nov 16 '22 15:11 spalladino

Superceded by https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4094.

frangio avatar Mar 08 '23 18:03 frangio